Oracle Application Server 10g: Administration - I
Volume 1 - Student Guide

D16508GC10 Production 1.0 January 2004 D38966

Author
Sergiy Pecherskyy, Shaibal Saha, Shankar Raman

Copyright © 2004, Oracle. All rights reserved. This documentation contains proprietary information of Oracle Corporation. It is provided under a license agreement containing restrictions on use and disclosure and is also protected by copyright law. Reverse engineering of the software is prohibited. If this documentation is delivered to a U.S. Government Agency of the Department of Defense, then it is delivered with Restricted Rights and the following legend is applicable: Restricted Rights Legend Use, duplication or disclosure by the Government is subject to restrictions for commercial computer software and shall be deemed to be Restricted Rights software under Federal law, as set forth in subparagraph (c)(1)(ii) of DFARS 252.227-7013, Rights in Technical Data and Computer Software (October 1988). This material or any portion of it may not be copied in any form or by any means without the express prior written permission of Oracle Corporation. Any other copying is a violation of copyright law and may result in civil and/or criminal penalties. If this documentation is delivered to a U.S. Government Agency not within the Department of Defense, then it is delivered with “Restricted Rights,” as defined in FAR 52.227-14, Rights in Data-General, including Alternate III (June 1987). The information in this document is subject to change without notice. If you find any problems in the documentation, please report them in writing to Education Products, Oracle Corporation, 500 Oracle Parkway, Box SB-6, Redwood Shores, CA 94065. Oracle Corporation does not warrant that this document is error-free. All references to Oracle and Oracle products are trademarks or registered trademarks of Oracle Corporation. All other products or company names are used for identification purposes only, and may be trademarks of their respective owners.

Technical Contributors and Reviewers
Alexander Hunold, Ashesh Parekh, Christine Chan, Christine Jeal, Greg Gagnon, Heike Hundt, Holger Dindler-Rasmussen, Jim Garm, John Watson, Maria Palazzolo, Mark Pare, Martijn.van.der.bruggen, Martin Alvarez, Matt Bowen, Nicole Haba, Pavana Jain, Paul Burgess, Peter Kilpatrick, Reinhold Muenzner, Russ Lowenthal, Taj-Ul Islam, Vishal Parashar, William (Cas) Prewitt, Yi Lu

Publisher
Sujatha Nagendra

Contents
Preface

1 Introduction
  Course Objectives
  Course Units
  Unit 1: Product Overview
  Unit 2: Installation
  Unit 3: Basic Management and Configuration
  Unit 4: Application Deployment
  Unit 5: Managing Access Control
  Unit 6: Distributed Topologies
  Unit 7: Performance and Availability
  Unit 8: Advanced Deployment
  Summary

2 Oracle Application Server: Key Components and Features
  Objectives
  Oracle Application Server: Overview
  OracleAS Middle-Tier Components and Solutions
  Oracle Application Server Terminology
  Oracle HTTP Server
  OracleAS Containers for J2EE
  OracleAS Web Services
  OracleAS Enterprise Portal
  Wireless-Enabled Applications
  OracleAS Reports Services
  OracleAS Discoverer
  OracleAS Web Cache
  Enhancing Performance with Caching
  Oracle Application Server Management
  OracleAS Infrastructure
  Oracle Internet Directory and Security
  Securing the Web Infrastructure
  Oracle Application Server: Quick Tour
  Summary

3 Analyzing the Oracle Application Server Architecture
  Objectives
  Oracle Application Server Products
  Oracle Application Server Installation Types
  OracleAS Infrastructure Installation Types
  OracleAS Middle-Tier Components
  Installation Types That Require Infrastructure
  OracleAS Infrastructure Components
  Services and Components of OracleAS Infrastructure
  Order of Installing OracleAS Infrastructure Components
  OracleAS Developer Kits
  Introducing OracleAS Deployments
  A Simple Oracle Application Server Topology
  Using OracleAS Infrastructure
  Oracle Application Server and Infrastructure
  OracleAS Web Cache
  OracleAS Portal
  OracleAS Wireless
  Wireless-Enabled Portal
  OracleAS Reports Service
  OracleAS Forms Services
  OracleAS Discoverer
  OracleAS Personalization
  Summary

4 Installing the OracleAS Infrastructure
  Objectives
  Services and Components of OracleAS Infrastructure
  OracleAS Infrastructure Installation: Overview
  Minimum Requirements for OracleAS Infrastructure
  Setting Up the Environment
  OracleAS Infrastructure: Installation Steps
  Starting the Installation
  Oracle Universal Installer
  First Installation of Oracle Product
  Specify File Locations Window
  Select a Product to Install
  Select Installation Type
  Preview of Infrastructure Installation
  Select Configuration Options
  Specify Identity Management Realm
  OracleAS Certificate Authority
  Database Identification
  Passwords and Database File Location
  Database Character Set
  Specify Instance Details
  Summary of Installation
  End of Installation Window
  Postinstallation Tasks
  Accessing the OracleAS Instance
  Application Server Control
  Verifying OID Server
  Accessing the SSO Server
  Starting and Stopping OracleAS Infrastructure
  Summary

5 Installing the OracleAS Middle Tier
  Objectives
  OracleAS Middle-Tier Installation Phases: Overview
  Preinstallation: OracleAS Middle Tier Requirements
  Preinstallation: Setting Up the Environment
  Installation: Starting the Installer
  Installation: Installer Steps Overview
  Specifying File Locations
  Selecting a Product
  Selecting an Installation Type
  OUI: Selecting Component Configuration
  Registering with OID
  Using Metadata Repository
  Instance Name and ias_admin Password
  Installer: Summary
  Installer: End of Installation
  Accessing the Application Server Control
  Application Server Ports Page
  Accessing the Component Home Pages
  Accessing the Welcome Page
  Accessing OracleAS Portal Welcome Page
  Accessing OracleAS Reports Services
  Accessing OracleAS Forms Services
  Summary

6 Using Oracle Application Server Management Tools
  Objectives
  Oracle Application Server: Overview
  Application Server Control
  The emctl Utility
  Using Application Server Control
  Application Server Control: Home Pages
  OracleAS Farm Page
  OracleAS Instance Home Page
  Starting, Stopping, and Restarting OracleAS Instances
  Oracle Application Server Component Home Pages
  Starting, Stopping, and Restarting Components
  Obtaining Common Metrics About Oracle Application Server
  Log Viewer
  Obtaining Information About the Host Computer
  OracleAS Host Home Page
  Enabling SSL for Application Server Control
  Oracle Process Management and Notification Server
  OPMNCTL Command
  Typical Startup Sequence
  Typical Shutdown Sequence
  Distributed Configuration Management
  DCM and Metadata Repository
  Using dcmctl
  Using dcmctl in Batch Mode
  Management Tasks: Tools
  OracleAS Hi-Av Tool (iHAT)
  Monitoring with iHAT
  Summary

7 Managing the Oracle Internet Directory
  Objectives
  What Is a Directory?
  Lightweight Directory Access Protocol (LDAP)
  LDAP Components
  Oracle Internet Directory (OID)
  Security Benefits of OID
  OID Architecture Overview
  OID Server Instance Architecture
  OID Node Architecture Components
  OID Server Processes
  Starting OID Monitor Process
  Starting Oracle Internet Directory Server Instance
  OID Log Files
  Stopping OID Server Instance
  Stopping OID Monitor Process
  OID Command-Line Tools
  Using Bulk Tools
  Using LDAP Command-Line Tools
  Overview of Oracle Directory Manager
  Connecting to the OID Server
  ODM Connect Dialog Box
  Using ODM
  ODM Navigation Pane
  Disconnecting from the OID Server
  Summary

8A Managing and Configuring Oracle HTTP Server
  Objectives
  Introduction to Oracle HTTP Server
  Oracle HTTP Server Modules
  HTTP Server Processing Model
  Managing Processes and Connections
  Starting, Stopping, and Restarting OHS
  Starting and Stopping the HTTP Server Manually
  Directory Structure
  Oracle HTTP Server Configuration Files
  Specifying File Locations
  Oracle HTTP Server Home Page
  Configuring the Oracle HTTP Server
  Controlling Access to the Application Server
  Modifying the Server Properties
  Specifying Listener and Port
  Administrative Directives
  Server Logs
  LogLevel Directive
  Log Formats
  Resetting Log Files
  Changing Error Log Properties
  Adding an Access Log File
  Managing Client Requests and Connection Handling
  Advanced Server Properties
  Editing Server Configuration Files
  Getting the Server Status
  Monitoring Oracle HTTP Server
  Summary

8B Configuring Directives and Virtual Hosts
  Objectives
  Configuration Contexts
  Container Directives
  Block Directives
  Merging Containers and Contents
  Context Merging and Inheritance
  Where the Directives Can Be Specified
  <Directory> Directive
  <Files> and <Location>
  <VirtualHost> Directive
  Defining Virtual Hosts
  Using IP-Based Virtual Hosts
  Using Name-Based Virtual Hosts
  Configuring Virtual Hosts
  Controlling Allowed Features
  Options Parameters
  Using Options
  Enabling Server-Side Includes (SSI)
  Overriding Directives with the Per-Directory Configuration
  Directory Indexing
  DirectoryIndex Directive
  Controlling Directory Listings with IndexIgnore
  Error and Response Handling
  Expires Header
  Alias, AliasMatch, and ScriptAlias
  Summary

8C Configuring mod_rewrite
  Objectives
  Regular Expressions
  Matching Characters
  Rules for Regular Expressions
  The Metacharacters ^ and $
  Quantifiers for Characters
  “Escaped” Characters Literals
  Grouping Regular Expressions
  Introduction to mod_rewrite
  Functioning of mod_rewrite
  Rewrite: Example
  mod_rewrite Directives
  Rewrite Rule: Tips
  Redirecting: Examples
  Summary

9 Managing and Configuring OracleAS Web Cache
  Objectives
  What Is OracleAS Web Cache?
  OracleAS Web Cache Architecture
  How Does OracleAS Web Cache Work?
  OracleAS Web Cache Concepts
  Administering OracleAS Web Cache
  OracleAS Web Cache Home Page
  OracleAS Web Cache Manager
  Using opmnctl to Start and Stop OracleAS Web Cache
  Using Application Server Control to Start and Stop OracleAS Web Cache
  Modifying Security Settings
  Configure Listening Ports for Requests
  Specifying Origin Server Settings
  Site Definitions
  Configuring Site Definitions
  Configuring Site to Server Mapping
  Caching Rules: Overview
  Predefined Caching Rules
  Rules for Caching, Personalization, and Compression
  Creating Caching Rules
  Edit Cacheability Rules
  Expiration Rules
  Defining Expiration Rules
  Invalidation Messages
  Basic Content Invalidation
  Rules for Multiple-Version Documents Containing Cookies
  Performance Assurance and Surge Protection
  Caching Dynamic and Partial Pages
  Specifying Additional Listening Ports
  Changing Operations Ports
  Logging Events and Accessing Information
  Configuring Access Log
  Configuring Event Log
  Configuring Rollover Frequency
  Manual Rollover of Logs
  Web Cache Statistics
  Summary

10 Managing and Configuring OC4J
  Objectives
  Introduction to Managing OC4J
  Creating an OC4J Instance
  Application Server Control: OC4J Home Page
  Starting and Stopping OC4J Instance
  Starting and Stopping OC4J Instances Using OPMN
  Disabling OC4J Instances
  Enabling OC4J Instances
  OC4J Configuration Basics
  OC4J Instance Configuration Files
  Relationship of Configuration Files
  Sample server.xml File
  Sample default-web-site.xml File
  Configuring OC4J Using Application Server Control
  Server Properties Page: General Section
  Web Site Properties
  JSP Properties
  Advanced Properties
  Application Deployment
  OC4J Applications Page
  Maintaining Applications
  Maintaining Web Modules
  Summary

11 Managing the OracleAS Portal
  Objectives
  OracleAS Portal Administrative Services: Overview
  Managing the OracleAS Portal Instance Using Application Server Control
  OracleAS Portal Instance Home Page
  Monitoring the OracleAS Portal Instance
  Managing the OracleAS Portal Instance Using Administrative Portlets
  Default Portal Users
  Default Portal Groups
  OracleAS Portal Schemas
  Managing Passwords for the OracleAS Portal Schemas
  Managing Portal Users and Groups
  Creating Portal Users
  Editing Portal User Profiles
  Mapping Portal Users to a Custom OracleAS Portal Access Schema
  Creating Portal Groups
  Editing Portal Group Profiles
  Assigning Privileges to OracleAS Portal Users and Groups
  What Is the Portlet Repository?
  Accessing the Portlet Repository
  Displaying the Portlet Repository Page Group
  Managing the Portlet Repository
  Registering a Provider
  Updating the Provider Registration Information
  Organizing the Portlet Repository Page Group
  Securing the Portlet Repository Page Group
  Invalidating the Portlet Cache
  Refreshing the Portlet Repository and Individual Providers
  Exporting and Importing Objects in OracleAS Portal
  Creating a New Transport Set
  Editing a Saved Transport Set
  Exporting a Transport Set
  Importing the Transport Set
  Browsing Transport Sets
  Summary

12 Configuring OracleAS Portal
  Objectives
  OracleAS Portal Configuration Tasks: Overview
  Self-Registration Feature in OracleAS Portal
  Configuring the Self-Registration Feature in OracleAS Portal
  Enabling the Self-Registration Feature in the Login Portlet
  OraDAV Architecture
  Configuring OraDAV Support for OracleAS Portal Access
  OracleAS Portal Configuration Assistant: Overview
  Linking an OracleAS Portal Instance
  Configuring Language Support
  Setting Language for a Portal Session
  Configuring OracleAS Portal Dependencies
  The Portal Dependency Setting File
  The Portal Dependency Settings Tool
  Summary

13 Deploying PL/SQL and CGI Applications
  Objectives
  Overview
  The mod_plsql Module
  Communication Flow: The Path of HTTP Requests
  Enabling a PL/SQL Application
  mod_plsql Configuration Files
  plsql.conf file
  dads.conf File
  Configuring mod_plsql
  Obtaining Information About mod_plsql
  Configuring DADs Using dads.conf
  DAD Creation Wizard
  Invoking a PL/SQL Application
  Invoking a PL/SQL Application: Example 1
  Invoking a PL/SQL Application: Example 2
  Preventing the Execution of PL/SQL Procedures
  How To Use PlsqlExclusionList
  cache.conf file
  Troubleshooting
  PL/SQL Server Pages
  Introducing the mod_cgi Module
  Enabling CGI Scripts and Improving Security
  Working with CGI
  The mod_fastcgi Module
  Benefits of FastCGI
  Enabling the FastCGI Server
  Overview of the mod_perl Module
  Controlling Dynamic Content and Security
  Database Providers and PL/SQL Portlets
  Installing the Database Provider and Its PL/SQL Portlets
  Registering the Database Provider with OracleAS Portal
  Registering the Database Provider Using OracleAS Portal
  Adding the Portlet to a Portal Page
  Summary

14 Deploying J2EE Applications
  Objectives
  Deploying Web Application Modules Using Application Server Control
  Deploying Web Application Modules Using dcmctl
  J2EE Architecture
  Databases and J2EE
  Data Sources and the Deployer Role
  Specifying Data Sources
  Obtaining Data Source Information
  Sample data-sources.xml File
  Creating a Data Source: General
  Creating a Data Source: Username and Password
  Creating a Data Source: JNDI Locations
  Creating a Data Source: Connection Attributes and Properties
  Enterprise JavaBeans
  EJB Structure
  EJB and OC4J
  EJB Module
  Specifying CMP Data Source
  Binding EJBs to Existing Tables
  Deploying J2EE Applications Using Application Server Control
  Deploying J2EE Applications Using dcmctl
  Accessing Web Providers
  Testing Web Providers
  Registering Web Providers
  Registering Web Providers: Provider Information
  Registering Web Providers: General Properties
  Registering Web Providers: Control Access
  Adding the Portlet to a Portal Page
  Summary

15 Configuring Oracle Application Server Components in OID
  Objectives
  Identity Management: Overview
  Benefits of Identity Management
  Oracle Identity Management
  Oracle Identity Management Infrastructure
  Oracle Application Server Components and OID
  OID and Application Environment
  Default Schema and Directory Information Tree (DIT)
  Default Identity Management Realm
  Identity Management Realm-Specific Oracle Context
  Identity Management Realm-Specific Common Entries
  Default Identity Management Realm Configuration
  OracleAS Bootstrap Model
  OID Administration Delegation Flow
  Delegated Directory Administration
  OID Protection Domains
  Directory Roles
  Oracle Application Server Administration Model
  User Administration
  Group Administration
  Administrative Groups
  Administer Users and Groups in Oracle Application Server
  Storage of User Credentials
  Password Policies
  Managing Password Policies Using ODM
  Modifying Password Policies by Using ODM
  Managing Password Policies by Using Command-Line Tools
  Modifying the OID Administrator Password
  Modifying the Administrator Password
  Relationship Between OracleAS Portal and OID
  OracleAS Portal Directory Entries in OID
  Configuring OID Settings in OracleAS Portal
  Caching OID Information in OracleAS Portal
  Synchronizing Cached OID Information in OracleAS Portal
  Enabling Directory Synchronization in the OracleAS Portal Instance
  Summary

16 Managing Access Using Delegated Administration Service
  Objectives
  Delegated Administrative Service
  Benefits of DAS and OID Self-Service Console
  Concept and Architecture of DAS
  How DAS Works
  DAS Proxy User
  Starting and Stopping DAS
  Verifying that DAS Is Running
  Configuring the Default Identity Management Realm-Specific Context
  Configuring User Entries
  Managing Users, Groups, and Subscribers Using DAS
  Searching for User and Group Entries Using DAS
  Maintaining User Entries Using DAS
  Changing Passwords
  Creating Group Entries by Using DAS
  Modifying and Deleting Group Entries Using DAS
  Assigning Privileges to Users and Groups Using DAS
  Managing Services
  Managing Accounts
  Creating Identity Management Realm
  Accessing DAS from OracleAS Portal
  Granting Privileges to OracleAS Portal Users by Using DAS Roles
  Disabling the Privilege Assignment Section
  Summary

17 Administering the OracleAS Single Sign-On Server
  Objectives
  OracleAS Single Sign-On Server: Overview
  Single Sign-On Components
  Authentication Flow for OracleAS Single Sign-On
  Starting and Stopping OracleAS Single Sign-On Components
  OracleAS Single Sign-On Administrator’s Role
  OracleAS Single Sign-On Administration Pages
  Configuring the OracleAS Single Sign-On Server
  Partner Application: Overview
  Registering mod_osso
  Creating and Editing a Partner Application
  Administering External Applications
  Adding an External Application
  Accessing External Application and Storing Its Credentials
  Monitoring OracleAS Single Sign-On Server
  Accessing SSO Server from OracleAS Portal
  Accessing External Applications from OracleAS Portal
  Summary

18 Securing OracleAS Components Using SSL
  Objectives
  What Is SSL?
  Digital Certificates: Overview
  Using Digital Signatures
  How SSL Works?
  What Is Oracle Wallet Manager?
  Oracle Wallet Manager Functions
  Managing Wallets
  Creating a New Wallet
  Saving a Wallet
  Deleting a Wallet
  Changing the Wallet Password
  Using the Auto Login Feature
  Exporting a Wallet
  Uploading Wallets
  Downloading Wallets
  Managing User Certificates
  Adding a Certificate Request
  Exporting a User Certificate Request
  Importing the User Certificate into the Wallet
  Exporting a User Certificate
  Managing Trusted Certificates
  Importing a Trusted Certificate
  Exporting a Trusted Certificate
  Enable Oracle HTTP Server to Use SSL
  Configuring Oracle HTTP Server for SSL Certificates
  Classification of mod_ossl Directives
  mod_ossl Directives
  Configure OracleAS SSO for Certificates
  Adding User Certificates to OID
  Configuring OracleAS Web Cache to Use SSL
  Securing OracleAS Portal
  Securing the Parallel Page Engine
  Associating the OracleAS Portal with OracleAS SSO in SSL Mode
  Associating the OracleAS Portal with OracleAS SSO Using OPCA
  Securing Calls to DAS from OracleAS Portal
  Summary

19 Managing and Configuring OracleAS Certificate Authority
  Objectives
  Public Key Infrastructure
  Traditional Certificate Provisioning
  Oracle PKI Management Tools
  OracleAS Certificate Authority
  OracleAS Certificate Authority: Key Features
  OCA Single Sign-On Authentication
  OracleAS Certificate Provisioning
  OCA Architecture
  OCA Functional Structure
  OCA Configuration Elements
  Starting and Stopping OCA
  Accessing the OCA Home Page
  Details Required to Obtain a Certificate
  Requesting the Web Administrator Certificate
  OCA Administration Home Page
  Certificate Management Tab
  Listing a Single Certificate Request or Issued Certificate
  Viewing Certificate Details
  Approving Certificate Requests
  Rejecting Certificate Requests
  Revoking Certificates
  Renewing Certificates
  Updating the Certificate Revocation List (CRL)
  Accessing the End-User Interface
  User Certificates
  Single Sign-On Authentication
  Summary

Appendix A: Practices
Appendix B: Solutions
Appendix C: Glossary
Appendix D: Introduction to Linux
Appendix E: Introduction to OracleAS Portal

Preface


Profile

Before You Begin This Course
Before you begin this course, you should have the following qualifications:
• Working experience with the Linux operating system

How This Course Is Organized
Oracle Application Server 10g: Administration I is an instructor-led course featuring lecture and hands-on exercises. Online demonstrations and written practice sessions reinforce the concepts and skills introduced in this course.


Related Publications

Oracle Publications (title: part number)
• Oracle Application Server 10g Installation Guide for Linux: B10842-03
• Oracle Application Server 10g Release Notes 10g (9.0.4) for Linux x86: B12261-04
• Oracle Application Server 10g Concepts: B10375-01
• Oracle Application Server 10g Quick Tour: B10374-01
• Oracle Application Server 10g Concepts: B10375-01
• Oracle Application Server 10g Administrator's Guide: B10376-01
• Oracle Application Server 10g Security Guide: B10377-01
• Oracle Application Server 10g Application Developer's Guide: B10378-01
• Oracle Application Server 10g Performance Guide: B10379-01
• Oracle Application Server 10g Documentation Library Online Help: B10490-01
• Oracle HTTP Server Administrator's Guide: B10381-01
• Oracle Application Server Containers for J2EE User's Guide: B10322-01
• Oracle Application Server 10g mod_plsql User's Guide: B10357-01
• Oracle Application Server Portal Configuration Guide: B10356-01
• Oracle Application Server Web Cache Administrator's Guide: B10401-01
• Oracle Enterprise Manager Concepts: B12016-02
• Oracle Application Server Single Sign-On Administrator's Guide: B10851-01
• Oracle Application Server Certificate Authority Administrator's Guide: B10663-01
• Oracle Internet Directory Administrator's Guide: B12118-01
• Oracle Identity Management Concepts and Deployment Planning Guide: B10660-01

Additional Publications
• System release bulletins
• Installation and user’s guides
• Read-me files
• International Oracle User’s Group (IOUG) articles
• Oracle Magazine


Typographic Conventions

Typographic Conventions In Text

Convention: Bold
Element: Emphasized words and phrases in Web content only
Example: To navigate within this application, do not click the Back and Forward buttons.

Convention: Bold italic
Element: Glossary terms (if there is a glossary)
Example: The algorithm inserts the new key.

Convention: Brackets
Element: Key names
Example: Press [Enter].

Convention: Caps and lowercase
Element: Buttons, check boxes, triggers, windows
Example: Click the Executable button. Select the Registration Required check box. Assign a When-Validate-Item trigger. Open the Master Schedule window.

Convention: Carets
Element: Menu paths
Example: Select File > Save.

Convention: Commas
Element: Key sequences
Example: Press and release these keys one at a time: [Alt], [F], [D]

Convention: Courier New, case sensitive
Object or Term: Code output, SQL and PL/SQL code elements, Java code elements, directory names, filenames, passwords, pathnames, URLs, user input, usernames
Example:
• Code output: debug.seti (‘I’,300);
• SQL code elements: Use the SELECT command to view information stored in the last_name column of the emp table.
• Java code elements: Java programming involves the String and StringBuffer classes.
• Directory names: bin (DOS), $FMHOME (UNIX)
• Filenames: Locate the init.ora file.
• Passwords: Use tiger as your password.
• Pathnames: Open c:\my_docs\projects.
• URLs: Go to http://www.oracle.com.
• User input: Enter 300.
• Usernames: Log on as scott.

Convention: Initial cap
Object or Term: Graphics labels (unless the term is a proper noun)
Example: Customer address (but Oracle Payables)

Convention: Italic
Object or Term: Emphasized words and phrases in print publications, titles of books and courses, variables
Example: Do not save changes to the database. For further information, see Oracle7 Server SQL Language Reference Manual. Enter user_id@us.oracle.com, where user_id is the name of the user.

Convention: Plus signs
Object or Term: Key combinations
Example: Press and hold these keys simultaneously: [Control] + [Alt] + [Delete]

Convention: Quotation marks
Object or Term: Lesson and chapter titles in cross references, interface elements with long names that have only initial caps
Example: This subject is covered in Unit II, Lesson 3, “Working with Objects.” Select the “Include a reusable module component” and click Finish. Use the “WHERE clause of query” property.


Typographic Conventions in Navigation Paths

This course uses simplified navigation paths, such as the following example, to direct you through Oracle Applications.

Example: Invoice Batch Summary
(N) Invoice > Entry > Invoice Batches Summary (M) Query > Find (B) Approve

This simplified path translates to the following:
1. (N) From the Navigator window, select Invoice > Entry > Invoice Batches Summary.
2. (M) From the menu, select Query > Find.
3. (B) Click the Approve button.

Notation:
(N) = Navigator
(M) = Menu
(T) = Tab
(I) = Icon
(H) = Hyperlink
(B) = Button


Introduction


Course Objectives
After completing this course, you should be able to do the following:
• Describe the role of a Web administrator
• Describe the architecture and components of Oracle Application Server (OracleAS)
• Install OracleAS Infrastructure and OracleAS Middle Tier
• Configure and manage OracleAS Middle Tier components


Course Aim
This course teaches you to perform the OracleAS Administration tasks such as:
• Installing and configuring Oracle Application Server components
• Deploying Applications
• Implementing access control and security
• Monitoring performance and availability of Oracle Application Server and the deployed applications


Course Objectives
• Configure and manage OracleAS Infrastructure components such as:
  – Oracle Internet Directory
  – OracleAS Single Sign-On server
• Manage and configure OracleAS Certificate Authority
• Deploy and manage Web applications
• Describe backup and recovery solutions for OracleAS Infrastructure and OracleAS Middle Tier


Course Units
This course has been divided into the following units:

Admin I
1. Product Overview
2. Installation
3. Basic Management and Configuration
4. Application Deployment
5. Managing Access Control

Admin II
6. Distributed Topologies
7. Performance and Availability
8. Advanced Deployment


Course Units
This course has been divided into eight units. Each unit addresses a major task that an OracleAS Administrator is expected to perform. Further, the units are grouped into two sections: Administration I and Administration II.

The tasks that are taught in the Administration I section of the course are related to the administration of the default installation of OracleAS Infrastructure and OracleAS middle tier with the BI and Forms installation type. The tasks that are taught in the Administration II section of the course deal with the additional configurations such as distributed topologies and configuring high availability for middle tier or infrastructure.

The units are described further in the following pages.


Unit 1: Product Overview
This unit covers the following lessons:
• Oracle Application Server: Key Components and Features
• Analyzing the Oracle Application Server Architecture


Product Overview
The Oracle Application Server solution areas and product components are discussed to explain the installation type necessary for your business goals. The following are the key solution areas addressed by Oracle Application Server:
• J2EE, Web services, and Internet applications
• Creating personalized portals
• Wireless-enabled applications
• Accelerating performance with caching
• Providing business intelligence for the Web
• Managing and securing Web infrastructure


Unit 2: Installation
This unit covers the following lessons:
• Installing OracleAS Infrastructure
• Installing the OracleAS Middle Tier


Installation
Each installation of Oracle Application Server depends on the options chosen at the time of installation; however, there are common elements to each installation. You learn about the components that form the core of the Oracle Application Server architecture and that are common to most installations, and also about some of the components that enhance this architecture. You also learn about the request and the communication flow involved in providing services to clients.

The middle tier contains software that enables you to deliver Web content, host Web applications, connect to back-office applications, and access your data on wireless devices. In this lesson, you learn how to choose the installation option that is appropriate for your needs, perform the installation tasks, and verify whether the installation was successful.

OracleAS Infrastructure is a prerequisite for many middle-tier installations. The components in the OracleAS Infrastructure act as service providers for the middle tier. You will learn how to configure and enable these components to best suit the middle-tier architecture in your environment.


Unit 3: Basic Management and Configuration
This unit covers the following lessons:
• Using OracleAS Management Tools
• Managing Oracle Internet Directory
• Managing and Configuring Oracle HTTP Server
• Managing and Configuring OracleAS Web Cache
• Managing and Configuring OC4J
• Managing the OracleAS Portal Instance
• Configuring OracleAS Portal


Basic Management and Configuration
Oracle Application Server provides flexibility in managing your Oracle Application Server environment. You learn how to use the Web-based Application Server Control to manage OracleAS instances. You will also learn to perform basic management tasks such as starting and stopping the OracleAS Infrastructure and middle-tier components by using command-line interfaces.

Oracle Internet Directory (OID) is installed with the OracleAS Infrastructure. In this lesson, you learn the concepts of Lightweight Directory Access Protocol (LDAP) and the architecture and processes of the OID server. You also learn about different tools for managing OID.

Oracle HTTP Server (OHS) is a core component of Oracle Application Server. You learn about the configuration of Oracle HTTP Server and how to start and stop OHS. You learn to configure WebDAV support in OHS for Portal access.

OracleAS Web Cache accelerates static and dynamic content delivery. You learn to use Web Cache Manager to start, stop, restart, and configure OracleAS Web Cache, including obtaining status information. Additionally, you learn to create, modify, and delete caching rules and to apply invalidation mechanisms.


Basic Management and Configuration (continued)
Oracle Application Server Components for J2EE (OC4J) is the basis for all the J2EE services that are provided by Oracle Application Server. You learn the architecture of OC4J and how to configure and manage OC4J.

OracleAS Portal is installed as part of the Oracle Application Server. OracleAS Portal supports a wide variety of topologies and configuration options. You learn to use the Oracle Portal Configuration Assistant (OPCA). You learn to:
• Manage the default OracleAS Portal schemas, users, and groups
• Configure the self-registration feature
• Administer the portlet repository
• Migrate your portal content to another portal instance


Unit 4: Application Deployment
This unit covers the following lessons:
• Deploying PL/SQL Applications
• Deploying J2EE Applications


Application Deployment
You learn to create, modify, and delete database access descriptors (DADs) and to secure access to your deployed PL/SQL applications.

OC4J is a core component of the Oracle Application Server and is supported by all other services. You learn to deploy J2EE applications to Oracle Application Server. You also create and manage the database connectivity for J2EE applications. You learn to deploy an application by using the deployment wizard of the Application Server Control. You also learn to configure and use the preinstalled default data source in your J2EE application.


Unit 5: Managing Access Control
This unit covers the following lessons:
• Configuring Oracle Application Server components in Oracle Internet Directory
• Managing Access to Oracle Application Server Using Delegated Administration Service
• Administering the OracleAS Single Sign-On server
• Managing and Configuring OracleAS Certificate Authority
• Enhancing Oracle Application Server Components to Use SSL


Managing Access Control
You will learn the concepts of Identity Management. You learn to manage users and groups in OID by using Oracle Directory Manager. Additionally, you learn how user passwords are managed for different components.

The Delegated Administration Service (DAS) enables end users to modify their own passwords without the intervention of an administrator. You learn how to start and stop it, and implement security for OracleAS Portal and portlets.

OracleAS Single Sign-On (SSO) is designed to work in an environment where multiple Web-based applications are accessible through a portal. You learn to configure and administer the Single Sign-On server by using GUI and command-line interfaces.

OracleAS Certificate Authority can seamlessly provision new digital certificates. You learn to access the GUI-based tools to create and administer certificates. You will learn to create and maintain wallets by using Oracle Wallet Manager and enable SSL for OHS, OracleAS Portal, and OracleAS Web Cache.


Unit 6: Distributed Topologies
This unit covers the following lessons:
• Managing Customized OracleAS Topologies
• Distributing OracleAS Infrastructure Components


Distributed Topologies
Oracle Application Server provides considerable flexibility in deploying the Application Server. You will learn the salient aspects of some of the common deployment scenarios. You will also be able to evaluate the priorities of various configuration choices that are suitable to your organization.

Although the default installation is good for many organizations, you will learn how to install/configure OracleAS components to best suit the needs of your organization. You will learn to locate different Oracle Application Server components such as metadata repository and OID in different databases for performance or ease of management.


Unit 7: Performance and Availability
This unit covers the following lessons:
• Introducing High Availability Concepts
• Managing and Configuring OracleAS Web Cache Clusters
• Managing and Configuring OC4J Clusters
• Managing and Configuring OracleAS Clusters
• Ensuring Performance of the OracleAS Middle-Tier
• Backing Up and Restoring OracleAS


Performance and Availability
You learn the high availability concepts and the features that are provided with OracleAS Middle-Tier and Infrastructure. You will learn how OracleAS provides for failover and load balancing of stateless and stateful J2EE applications. You will configure OC4J islands and demonstrate the failover of stateful applications. You will learn how you can configure, manage, and use cache clusters to improve availability and performance of your application servers.


Unit 8: Advanced Deployment
This unit covers the following lessons:
• Reconfiguring OracleAS Middle-Tier Instance
• Administering OracleAS Business Intelligence Components
• Deploying XML, Web Services, and Forms Applications


Advanced Deployment
You will learn to change the configuration of OracleAS to help avoid conflicts for resources such as ports and IP addresses. You will also learn how to configure a J2EE and Web Cache type installation to use OracleAS Infrastructure.

You also learn the concepts of Web services, Form service, and XML. Additionally, you learn how to manage Web Service and Form Service deployments on OracleAS.

You will learn about various Business Intelligence components such as OracleAS Discoverer, OracleAS Reports, and OracleAS Personalization. You will learn how to view Business Intelligence reports by using OracleAS Discoverer and OracleAS Reports. You also learn to configure various OracleAS Business Intelligence components.


Summary
In this introductory lesson, you should have learned about the course units and lessons.


Oracle Application Server: Key Components and Features


Objectives
After completing this lesson, you should be able to do the following:
• Describe the solution areas addressed by Oracle Application Server (OracleAS)
• Describe some key terminologies used in the context of Oracle Application Server
• Describe the key components of Oracle Application Server


Objectives
The Oracle Application Server solution areas and product components are discussed to explain the installation type that is necessary for your business goals. The key solution areas addressed by Oracle Application Server are as follows:
• J2EE, Web services, and Internet applications
• Creating personalized portals
• Wireless-enabled applications
• Accelerating performance with caching
• Providing Business Intelligence for the Web
• Managing and securing Web infrastructure


Oracle Application Server: Overview
Solution areas shown on the slide: Management & security; HTTP Server, J2EE, & Web services; Portal; Wireless; Caching; Business intelligence; Integration

Oracle Application Server: Overview
Oracle Application Server is a complete and integrated platform to develop, deploy, and administer Internet-based applications. Oracle Application Server addresses the following solution areas:

HTTP Server, J2EE, and Web Services
• The Oracle HTTP Server functions as the HTTP interface for all the Oracle Application Server components.
• Oracle Application Server is built on the J2EE framework. It enables you to design, develop, and deploy dynamic Web sites, portals, and transactional applications by using familiar languages and technologies.
• Oracle Application Server also provides comprehensive Web services to expose business functions to authorized parties over the Internet from any Web device.

Portals
• You can use Oracle Application Server to build, deploy, and maintain self-service and integrated enterprise portals. Oracle Application Server enables self-service content management and publishing, wizard-based development, and deploying, publishing, and consuming Web services on an extensible framework.


Oracle Application Server: Overview (continued)

Wireless
• OracleAS Wireless provides simplified development and deployment of applications in a wireless environment. In addition, OracleAS Wireless includes wireless services, such as e-mail and location-based services, that simplify wireless-enabling applications and portals.

Caching
• OracleAS provides a Web caching solution with the unique capability of caching both static and dynamically generated Web content. OracleAS Web Cache significantly improves the performance and scalability of heavily loaded Web sites. In addition, the Web cache provides a number of features to ensure consistent and predictable responses. These features include page fragment caching, Edge Side Includes (ESI) and Edge Side Includes for Java (JESI) support, compression, dynamic content assembly, Web server load balancing, Web cache clustering, and failover.

Business Intelligence
• Using the Oracle Application Server business intelligence features, you can dynamically serve personalized content recommendations to both registered and anonymous visitors as they browse your site; perform dynamic, ad hoc query reporting and analysis using a standard Web browser; and publish high-quality, dynamically generated reports on a scalable, secure platform.

Integration
• Using Oracle Application Server, you can integrate enterprise applications, trading partners, and Web services, and provide query and transaction access to many non-Oracle data sources.

Availability and Scalability
• Oracle Application Server provides a flexible deployment model that allows you to architect your system for high availability and scalability.

Management and Security
• Oracle Application Server provides a set of management facilities to simplify Web site administration. You can:
- Use the Application Server Control to configure and monitor OracleAS instances to optimize them for performance and scalability. When you need to use the command-line interfaces, you can use DCMCTL to perform configuration management, and OPMNCTL to perform process management.
- Use encrypted secure sockets layer (SSL) connections, user and client certificate-based authentication, and single sign-on across all applications
- Implement an LDAP directory that provides a single repository and administration environment for user accounts


OracleAS Middle-Tier Components and Solutions
J2EE and Web Services
• Oracle HTTP Server
• OracleAS Containers for J2EE
• OracleAS TopLink
• Oracle Business Components for Java
• OracleAS Web Services
• Oracle XML Developer Kit
• Oracle PL/SQL
• OracleAS MapViewer

Portal
• OracleAS Portal
• OracleAS Portal Developer Kit

Wireless
• OracleAS Wireless

Caching
• OracleAS Web Cache

Business Intelligence
• OracleAS Reports Services
• OracleAS Forms Services
• OracleAS Discoverer
• OracleAS Personalization

Integration
• OracleAS InterConnect
• OracleAS ProcessConnect


OracleAS Middle-Tier Components and Solutions
Oracle Application Server provides several components that help you develop, deploy, and administer your Internet-based applications. These components and the solution areas they address are highlighted in the slide. In this lesson, you will be introduced to some of the important components of Oracle Application Server such as Oracle HTTP Server, OracleAS Containers, and OracleAS Web Cache. Later in the course, you will also learn about Oracle Application Server components that are used to administer Oracle Application Server, such as OracleAS Infrastructure, OracleAS Process Monitoring and Notification System, and Distributed Configuration Manager.

OracleAS MapViewer is a J2EE service for rendering maps using spatial data that is managed by Oracle Spatial.


Oracle Application Server Terminology
• OracleAS Installation: The set of executables and configuration files that are created at the time of OracleAS installation
• OracleAS Instance: An operational OracleAS installation that runs some of the OracleAS components such as OHS, OC4J, etc.
• OracleAS Infrastructure: A combination of Metadata Repository, directory server, and Single Sign-On server
• Metadata Repository: A preseeded Oracle database that contains metadata required by Oracle Application Server instances
• Directory Server: Defines a hierarchical view of an organization’s employees, units, and other resources
• OracleAS Farm: A collection of OracleAS instances sharing the same configuration repository. The repository can be OracleAS Metadata Repository or a file-based repository.
• OracleAS Cluster: A collection of OracleAS Instances in the same Farm, with identical application deployments and functioning as a single unit.


Oracle Application Server Terminology
This slide gives a brief introduction to some of the key terms that are used in the administration of OracleAS. For a detailed glossary, refer to “Appendix C – Glossary.”


Oracle HTTP Server

Information source


Oracle HTTP Server
Oracle HTTP Server (OHS) is the underlying deployment platform and provides a Web listener for OracleAS Containers for J2EE (OC4J) and the framework for hosting static and dynamic pages and applications over the Web. Oracle HTTP Server is based on Apache, and has been enhanced with the following additional modules:
• mod_plsql: Routes requests for stored procedures to the database server
• mod_perl: Routes PERL requests to the PERL interpreter
• mod_fastcgi: Supports persistent CGI processes
• mod_oc4j: Routes communication between Oracle HTTP Server and OracleAS Containers for Java (OC4J)
• mod_oradav: Supports file- as well as database-distributed authoring and versioning
• mod_ossl: Enables strong cryptography for Oracle HTTP Server, and enables the server to use SSL
• mod_osso: Routes requests to the Single Sign-On server

This is not a complete list, and some of the modules will be discussed in detail later.

With Oracle Application Server, developers can choose familiar languages and technology to build Web sites and applications, including Java, XML, PL/SQL, PERL, C, C++, and Distributed Authoring and Versioning (DAV).


OracleAS Containers for J2EE
Slide diagram labels: HTTP server, mod_oc4j, OC4J, J2EE virtual machine, Web container (JSP, Servlet), EJB container (EJB), JMS, JAAS, JTA, Java Mail, JAXP, JDBC, JNDI, JAF, Connectors, Database


OracleAS Containers for J2EE
The J2EE platform that is provided in Oracle Application Server uses a multi-tiered distributed application model that divides application logic into components according to function. A container provides the run-time support for J2EE application components. Containers provide a federated view of the underlying J2EE APIs to the application components. OracleAS Containers for J2EE (OC4J) is a J2EE server implementation that runs on a standard Java Virtual Machine (JVM). OC4J has the following J2EE containers:
• The Web Container that has:
- A servlet container
- A JSP container
• An EJB container that has:
- Session Beans
- Entity Beans
- Message-Driven Beans

The J2EE concepts are further explained in Appendix D.


OracleAS Web Services


OracleAS Web Services
You can use Web Services to expose your applications in a manner you choose so that they can receive formatted instructions over the Web. A Web service is a discrete business process that:
• Exposes and describes its functionality and attributes in Web Services Description Language (WSDL)
• Uses the Universal Description, Discovery and Integration (UDDI) registries to allow other services to locate a service on the Web such as the translation or currency converter service
• Allows remote services to invoke a service using standard Internet protocols
• Returns a response to the requesting application over the same protocol

OracleAS Web Services provide support for developing and deploying Web services. OracleAS Web Services run as servlets in the OC4J servlet container. OracleAS Web Services support both Remote Procedure Call (RPC) style exchange and message-oriented, or Document Style exchange.


OracleAS Enterprise Portal


OracleAS Enterprise Portal
Portals allow clients to access information through any Web browser. This information usually comes from different data sources that the portal combines into a single entry point. Portals also support personalized views, so that each user or user group can customize both the content and the appearance of the portal to suit individual preferences and requirements.

OracleAS Portal is a Web-based tool for building and deploying e-business portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. It enables you to efficiently manage, access, and interact with information by enabling you to create portal pages.

OracleAS Portal has an extensible framework that integrates information components called portlets. The portlets are Web-based resources such as Web pages, applications, business intelligence reports, and syndicated content feeds within standardized, reusable information components. The OracleAS Portal interface provides an organized, consistent view of the business information, Web content, and applications that each user needs. OracleAS Portal self-service publishing features allow authorized users to post and share any kind of document or Web content with other users anywhere in the world.


Wireless-Enabled Applications

Using OracleAS Wireless, you can:
• Develop or extend applications to be location-based, personalized, or voice-enabled and deploy to all devices
• Provide personalization from PCs or wireless devices
• Use advanced messaging techniques such as voice messaging, Short Message Service (SMS), or e-mail

Wireless-Enabled Applications
Mobile users increasingly rely on wireless devices for communication while away from the office. OracleAS Wireless enables enterprises and service providers to efficiently build, manage, and maintain wireless and voice applications. OracleAS Wireless also provides:
• Geographic modeling that turns existing applications into location-based applications
• E-mail and directory modules to access corporate e-mail and directory applications:
- mWallet supports mobile commerce transactions and tracking.
- Mobile E-mail supports accessing IMAP and POP e-mail.
- Mobile Directory supports access to LDAP directories.
- Mobile Calendar provides schedule and appointment management.
- Instant Messaging supports exchanging instant messages from mobile devices.
• Open platform standards for simple development and easy integration with existing applications
• Tools to turn applications into voice applications accessible from non-Web phones
- Service Designer helps developers manage applications.
- Content Development Tool helps the end user to increase his mobile experience.
- Help Desk provides support to end users.
- System Monitor helps manage the OracleAS Wireless environment.


OracleAS Reports Services

With OracleAS Reports Services, you can:
• Build and publish reports from most sources, with unlimited data formatting
• Access reports from any browser
• Generate a report on demand, or on a schedule
• Generate reports in HTML, PDF, or XML


OracleAS Reports Services
Developers can build and publish sophisticated, high-quality reports from any source, with unlimited data formatting, and deploy them seamlessly on Oracle Application Server. Both developers and users can access OracleAS Reports Services from any browser, because all report definition files are stored on the OracleAS middle-tier. Reports Services leverages middle-tier load balancing and caching to provide high volumes of reports, without excessive demands on limited resources. Users can also link to published reports from OracleAS Portal.

Depending on the report configuration, it can be generated on demand or scheduled for a specific time or at a specific interval and stored on the middle tier for rapid retrieval. Reports Services can generate reports in HTML for Web publishing, in PDF to enable high-quality viewing and printing, or in XML to communicate data to XML-aware tools or Web sites.

Regardless of format, OracleAS can ensure secure distribution of reports by allowing only specific database roles to access the report, and validating user credentials against a Single Sign-On server and Oracle Internet Directory (OID).


OracleAS Discoverer

• Using OracleAS Discoverer, you can enable your users to get immediate access to information from data marts, data warehouses, and online transaction processing (OLTP) systems.
• OracleAS Discoverer is available in two types of clients:
– Discoverer Plus
– Discoverer Viewer

OracleAS Discoverer
OracleAS Discoverer is a tool with ad hoc query, reporting, analysis, and Web publishing capabilities. Discoverer works with any OLTP or data warehouse and supports Oracle Applications. With Discoverer, business users at all levels of the organization can gain immediate access to information from data marts, data warehouses, and online transaction processing (OLTP) systems. You can rapidly view information in customizable summary formats, drill down to detail views, and perform complex calculations on data, including analytic functions available in the Oracle database. OracleAS Discoverer is available in two types of clients:
• Discoverer Plus, which runs as a Java applet and features user-defined queries and reports
• Discoverer Viewer, which runs in a browser and provides casual users with access to predefined queries and drill-down reports


OracleAS Web Cache
OracleAS Web Cache functions as a front end for the application servers.
Slide diagram labels: Client, Web Cache, Application Server


OracleAS Web Cache
OracleAS Web Cache functions as a front end for the application servers. The first time that OracleAS Web Cache receives an HTTP or HTTPS request, it forwards the request to an HTTP server for processing. Web Cache stores the response in memory based on the defined caching rules so that it can respond directly to future requests. Web Cache understands HTTP headers, including cookies, and makes caching decisions based on administrator or application-defined rules. To invalidate the cache, administrators can specify expiration policies or applications can send an HTTP invalidation message.

Deploying the Web cache before a farm of application or HTTP servers enables clustering, surge protection, and Web server load balancing, so that cache misses are directed to the most available, highest-performing origin Web server.


Enhancing Performance with Caching
• OracleAS Web Cache enables you to:
– Accelerate the delivery of static and dynamic content
– Reduce your hardware and administration costs
• You can cluster multiple Web Cache instances to:
– Ease configuration and management
– Avoid a single point of failure


Accelerating Performance with Caching
OracleAS Web Cache can render the service from a Web site faster by reducing unnecessary hits on the other middle-tier and back-end components. Furthermore, deploying Web Cache helps to reduce your hardware and administration costs. In a distributed environment, you can deploy Web Cache on machines at remote sites instead of deploying multiple HTTP servers. As a result, many requests can be handled locally by Web Cache, avoiding middle-tier and back-end processing, as well as slower throughput on WANs. Web Cache accelerates delivery of both static and dynamic content. Web Cache also provides load balancing, by distributing cache miss requests according to the relative capacity of each HTTP server.

Multiple instances of Web Cache, called cluster members, can operate as one logical cache. They communicate with one another to request cacheable content that is cached by another cache cluster member and to detect when a cache cluster member fails. To enable cache clusters to function as a single unit, you need to set up a load balancer.


Oracle Application Server Management
Oracle Application Server provides the following management tools ready to use:
• Enterprise Manager - Application Server Control
– The preferred browser-based interface, which can be used from a remote location
• Distributed Configuration Management (DCM)
– Manages the configuration and maintains the configuration repository
– dcmctl is the command-line interface.
• Oracle Process Management and Notification Server (OPMN)
– Monitors Oracle Application Server processes, and restarts them when needed
– opmnctl is the command-line interface.

Oracle Application Server Management
The primary tool for managing Oracle Application Server, as well as your entire Oracle environment, is Oracle Enterprise Manager. The Oracle Enterprise Manager Application Server Control is installed with every instance of Oracle Application Server and immediately provides you with the management tools that you need to monitor and administer a single Oracle Application Server instance, a farm of application server instances, or an Oracle Application Server cluster.

In addition to Oracle Enterprise Manager, Oracle Application Server provides command-line interfaces to several key management technologies. The command-line tools can help you automate your management procedures with scripts and custom utilities. The two most important command-line tools are the following:
• opmnctl, which provides a command-line interface to Oracle Process Management Notification (OPMN)
• dcmctl, which provides a command-line interface to Distributed Configuration Management (DCM)


OracleAS Infrastructure
Identity management components: Oracle Internet Directory, Single Sign-On, Delegated administration service, Oracle Certificate Authority, Directory integration
Metadata repositories: Product, Identity management, Configuration management

OracleAS Infrastructure
OracleAS Infrastructure provides centralized services that are related to the product metadata, identity management, and configuration management. OracleAS Infrastructure provides centralized identity management services, configuration information, and data repositories for middle-tier installations. The key features that middle-tier instances typically use are the following:
• Product Metadata Service: Product Metadata Service provides all of the metadata that the middle-tier instances require. It is bundled as part of the OracleAS Infrastructure. Product Metadata is looked up by middle-tier OracleAS instances for the successful execution of applications. Product metadata is not accessed directly by the customer applications.
• Security Service: Security Service provides a consistent security model for all Oracle Application Server applications. It also provides a single source of identity metadata that contains all administration and user privileges.


Oracle Internet Directory and Security


Oracle Internet Directory and Security
Oracle Internet Directory (OID) is an LDAP server that can be used to store all of the credentials required for the enterprise. Oracle Internet Directory offers comprehensive and flexible support for directory access control. This includes entry-level, attribute-level, and prescriptive access control, to provide varying levels of security to fit enterprise and service provider needs. OID implements three levels of user authentication:
• Anonymous
• Password-based
• Certificate-based, using secure sockets layer (SSL) for authenticated access and data privacy

The Web-based Delegated Administration Service (DAS) enables application administrators to delegate user management tasks such as granting or restricting access to a specific directory attribute, entry, group, or naming context to application users.

After OID is deployed, organizations can use OracleAS Single Sign-On to provide a single point of validation for user credentials. After users sign on successfully, their credentials are automatically retrieved from OID when they launch any Oracle partner application.


Securing the Web Infrastructure
• Secure sockets layer (SSL) encryption can be used to protect the Web site.
• Oracle Application Server provides a comprehensive suite of security services, including OracleAS Single Sign-On.
• The Single Sign-On server validates user credentials against Oracle Internet Directory, which is an LDAP directory service.


Securing the Web Infrastructure For network encryption and authentication, Oracle Application Server provides a comprehensive suite of security services, including OracleAS Single Sign-On. The Single Sign-On server validates user credentials against Oracle Internet Directory, an LDAP directory service. Also, secure sockets layer (SSL) encryption can be used to protect these transactions against malicious intrusion.

Oracle Application Server: Quick Tour

A good starting point for learning about the features of Oracle Application Server is the Quick Tour. You can find the Quick Tour in the Oracle Application Server documentation library. The Oracle Application Server documentation library is available:
• On a separate CD in the Oracle Application Server CD pack
• On the Oracle Technology Network Web site at http://otn.oracle.com/products/ias/index.html

Summary
In this lesson, you should have learned to do the following:
• Describe the solution areas addressed by Oracle Application Server
• Describe the key components of Oracle Application Server and their features

Analyzing the Oracle Application Server Architecture

Objectives
After completing this lesson, you should be able to do the following:
• Explain the different installation options for Oracle Application Server
• Explain the installation dependencies of Oracle Application Server components
• Explain the request flow to various components

Oracle Application Server Products

Application Server Control is installed with each Oracle Application Server installation.

Oracle Application Server comprises three product sets.
• Oracle Application Server: Oracle Application Server is an integrated platform that enables you to deliver Web content, host Web applications, connect to back-office applications, and access your data on wireless devices.
• OracleAS Infrastructure: OracleAS Infrastructure consists of an Oracle database, Single Sign-On (SSO) server, and directory server. The database contains a collection of schemas and metadata that are used by the Oracle Application Server components. OracleAS Infrastructure is required for most OracleAS middle-tier applications. It must be installed and configured before you install the Oracle Application Server. You should install Infrastructure on a dedicated machine for optimal performance.
• OracleAS Developer Kits: OracleAS Developer Kits allow the user to create XML applications, develop portlets, enable wireless applications, integrate Web sites with wireless devices, and develop application provider Web services. OracleAS Developer Kits install Oracle XML Developer Kit, OracleAS Portal Developer’s Kit, OracleAS Wireless Developer Kit, and Oracle LDAP Developer’s Kit.

Oracle Application Server Installation Types

Each Oracle Application Server product provides installation types that enable you to select the Oracle Application Server components for your installation. The Oracle Application Server offers the following installation types:
• J2EE and Web Cache: Provides a basic Web server which implements Java 2 Platform, Enterprise Edition (J2EE) applications and accelerates Web caching
• Portal and Wireless: Enables the deployment of enterprise portals and wireless applications. This installation type includes the components available in the J2EE and Web Cache edition.
• Business Intelligence and Forms: Enables personalization of applications, and deployment of OracleAS Discoverer and Web-based reports. It includes components available in the Portal and Wireless edition, and also features Forms Services.

Before installing an instance of either Portal and Wireless, or Business Intelligence and Forms, you must install and configure the OracleAS Infrastructure somewhere in your network, optimally on a separate machine.

OracleAS Infrastructure Installation Types
• OracleAS Infrastructure components are grouped into two categories:
  – Identity Management components
  – OracleAS Metadata Repository components
• During an OracleAS Infrastructure installation, you can choose to install:
  – Identity Management
  – Metadata Repository
  – Both Identity Management and Metadata Repository
• This provides you with the flexibility to install different components on different systems or databases.

OracleAS Infrastructure components are grouped into Identity Management components and OracleAS Metadata Repository. This grouping provides you with the flexibility to install the OracleAS Infrastructure components over multiple computers or databases. For example, you can install OracleAS Metadata Repository on one computer, and the Identity Management components on another computer. You can also install the Identity Management components over multiple computers.

Selecting either the “OracleAS Metadata Repository” or the “OracleAS Metadata Repository and Identity Management” option causes the Installer to create a new database and populate it with OracleAS Metadata Repository. When you install only OracleAS Metadata Repository, the Application Server Control is not installed; instead, you can use the Oracle Enterprise Manager Database Control to manage the OracleAS Metadata Repository.

Selecting the Identity Management option requires that you have an existing OracleAS Metadata Repository. You can use an existing database for creating OracleAS Metadata Repository using the repository creation utility.

OracleAS Middle-Tier Components

Component                                             J2EE and    Portal and   BI and
                                                      Web Cache   Wireless     Forms
OracleAS Web Cache                                    X           X            X
Oracle HTTP Server                                    X           X            X
OracleAS Containers for J2EE (OC4J)                   X           X            X
Oracle Enterprise Manager Application Server Control  X           X            X
OracleAS Portal                                                   X            X
OracleAS Wireless                                                 X            X
OracleAS Discoverer                                                            X
OracleAS Reports Services                                                      X
OracleAS Forms Services                                                        X
OracleAS Personalization                                                       X

The table in the slide lists the installation options for Oracle Application Server, and the components that are installed with each option. As explained earlier, each installation will install all of the components that are applicable to that installation type in all situations. The user can control what is configured, but not what is installed.

J2EE and Web Cache Installation
You can use the J2EE and Web Cache installation type to develop and deploy Java and J2EE applications, to improve the speed of your Web site with Web cache, and to use J2EE- and Simple Object Access Protocol (SOAP)-based Web services. This topology does not support single sign-on or clustering functionality. In order to use single sign-on or clustering functionality, or Oracle Internet Directory, you must install OracleAS Infrastructure. But for J2EE and Web Cache installation type it is not a prerequisite to have the OracleAS Infrastructure installed.

OracleAS Middle-Tier Components (continued)

Oracle HTTP Server
Based on the industry-leading Apache Web Server, Oracle’s HTTP Server is the HTTP listening entry point to Oracle Application Server. Oracle HTTP Server incorporates extended Apache functionality to provide SSL and HTTPS support. The Oracle HTTP Server dispatches requests to invoke program logic written in Java, PL/SQL, Perl, or as CGI executables through a standard Apache module architecture.

OracleAS Web Cache
OracleAS Web Cache operates as a caching reverse proxy server that is situated in front of the Oracle HTTP Server. It improves performance of Web server instances by storing frequently accessed pages in memory, eliminating the need to repeatedly process requests for pages from the Web server, the applications, or the Oracle database.

OracleAS Containers for J2EE (OC4J)
Oracle Application Server provides a fast, lightweight, highly scalable, easy-to-use, and complete Java 2 Platform, Enterprise Edition (J2EE) container written entirely in Java that executes on the standard Java Development Kit (JDK) or Java Virtual Machine (JVM) available on the operating systems and hardware platforms on which Oracle Application Server is certified.

OracleAS Web Services (including SOAP)
Web Services are a set of emerging standards that enable Internet applications to be developed and deployed in a service-oriented architecture and to communicate with each other in standard ways.

Application Server Control
Application Server Control is the Web-based administration interface for centrally managing your Oracle Application Server platform. The Application Server Control provides a fully integrated monitoring, management, and diagnostics environment specifically for Oracle Application Server.

Installation Types That Require Infrastructure
• The following installation types need the OracleAS Infrastructure as a prerequisite:
  – Portal and Wireless
  – Business Intelligence and Forms
• In a J2EE and Web Cache installation type, you would require:
  – OracleAS Metadata Repository to use Application Server Cluster managed using database repository
  – OracleAS Identity Management to use Single Sign-On

Installations That Require Infrastructure
The J2EE and Web Cache installation type does not require the OracleAS Infrastructure. It is necessary to have OracleAS Identity Management already installed if you intend to use Single Sign-On. Similarly, you need OracleAS Metadata Repository installed to use database-managed application server clustering. An application server cluster is a collection of application server instances with identical configuration and application deployment. Clusters enforce homogeneity among member instances so that a cluster of application server instances can appear and function as a single instance.

Before installing the Portal and Wireless, or Business Intelligence and Forms installation types, you must install and configure the OracleAS Infrastructure somewhere in your network, optimally on a separate machine.

OracleAS Infrastructure Components

[Figure: Identity management components (Oracle Internet Directory, Single Sign-On, Delegated administration service, Oracle Certificate Authority, Directory integration) and Metadata repositories (Product, Identity management, Configuration management)]

Infrastructure components can be grouped into Identity Management components and OracleAS Metadata Repository components. When you install Infrastructure, you can specify if you want to install the Identity Management components, the OracleAS Metadata Repository, or both. The Oracle HTTP Server, OC4J, and the Application Server Control components are always installed, regardless of the installation type you selected.
• Identity Management Components: These components provide directory, security, and user-management functionality. Some of these components (such as OracleAS Single Sign-On) have schemas in the OracleAS Metadata Repository.
  - Oracle Internet Directory (OID)
  - OracleAS Single Sign-On
  - Oracle Delegated Administration Services
  - Oracle Directory Integration and Provisioning
  - OracleAS Certificate Authority
• OracleAS Metadata Repository is a collection of schemas that are used by other Oracle Application Server components. The schemas can be grouped into these categories:
  - Product metadata
  - Identity Management metadata
  - Configuration Management metadata

Services and Components of OracleAS Infrastructure

Service: Product Metadata service
Description: Schemas for components such as Portal and Wireless
Component(s):
• OracleAS Metadata Repository

Service: Identity Management service
Description: A consistent security model for all applications. Single source of security metadata containing all administration and user privileges
Component(s):
• Oracle Internet Directory
• OracleAS Single Sign-On
• Oracle Delegated Administration Services
• Oracle Directory Integration and Provisioning
• OracleAS Certificate Authority

Service: Configuration Management service
Description: Schemas containing OracleAS instance configuration
Component(s):
• OracleAS Metadata Repository

Services and Component Matrix for OracleAS Infrastructure
You must install the OracleAS Infrastructure before you can install Oracle Application Server (middle tier) because the information about Oracle Internet Directory and the Metadata Repository is required during the middle-tier installation.

Order of Installing OracleAS Infrastructure Components
• When you choose to install components on different systems:
  – First install the Metadata Repository
  – Then install Identity Management components
• When you install both, the Installer uses the correct order.

[Figure: Installer: 1. Metadata repository, 2. Identity management]

If you plan to install the OracleAS Infrastructure components on separate computers, you must install them in the following order:
• Install the OracleAS Metadata Repository.
  - You can have the Installer create a new database and populate it with the OracleAS Metadata Repository, or you can install the OracleAS Metadata Repository in an existing database.
  - You cannot register the OracleAS Metadata Repository with Oracle Internet Directory at this point, because you do not have an Oracle Internet Directory yet. The registration is done in the next step.
• Install the Identity Management components.
  - The Installer prompts you to enter the connect information for the OracleAS Metadata Repository database.
  - The Installer registers the OracleAS Metadata Repository with the newly created Oracle Internet Directory.

The Installer installs the components in the proper order when you choose to install both the OracleAS Metadata Repository and the Identity Management components on the same computer.
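
The dependency and ordering rules from this lesson (which installation types require the Infrastructure, and which Infrastructure component is installed first), written as a small Python checker for a planned deployment. This is an added example, not Oracle code: the Install record, host labels, and cluster names are hypothetical, and it assumes that "requires the OracleAS Infrastructure" means both the Metadata Repository and Identity Management, and that cluster homogeneity can be approximated by installation type.

```python
"""Check a planned OracleAS deployment against the dependency rules on this page."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Installation type names as this page uses them.
J2EE = "J2EE and Web Cache"
PORTAL = "Portal and Wireless"
BI = "Business Intelligence and Forms"
MR = "Metadata Repository"
IM = "Identity Management"


@dataclass(frozen=True)
class Install:
    host: str                      # hypothetical host label, e.g. "host1"
    kind: str                      # one of the five names above
    uses_sso: bool = False         # middle tier is meant to use Single Sign-On
    cluster: Optional[str] = None  # database-managed cluster it joins, if any


def needs(inst: Install) -> Set[str]:
    """Infrastructure pieces this installation depends on."""
    if inst.kind in (PORTAL, BI):
        return {MR, IM}            # assumption: "Infrastructure" means both
    if inst.kind == J2EE:
        req: Set[str] = set()      # stand-alone J2EE needs no Infrastructure
        if inst.cluster:
            req.add(MR)            # database-managed cluster
        if inst.uses_sso:
            req.add(IM)            # Single Sign-On
        return req
    if inst.kind == IM:
        return {MR}                # needs an existing Metadata Repository
    if inst.kind == MR:
        return set()
    raise ValueError(f"unknown installation type: {inst.kind!r}")


def validate(plan: List[Install]) -> List[str]:
    """Return human-readable problems; an empty list means the plan is consistent."""
    present = {i.kind for i in plan if i.kind in (MR, IM)}
    problems = []
    for inst in plan:
        for missing in sorted(needs(inst) - present):
            problems.append(f"{inst.kind} on {inst.host} requires {missing}")
    # Clusters enforce homogeneity; installation type stands in for
    # "identical configuration" here (an assumption of this example).
    clusters: Dict[str, Set[str]] = {}
    for inst in plan:
        if inst.cluster:
            clusters.setdefault(inst.cluster, set()).add(inst.kind)
    for name, kinds in sorted(clusters.items()):
        if len(kinds) > 1:
            problems.append(
                f"cluster {name} mixes installation types: " + ", ".join(sorted(kinds))
            )
    return problems


def install_order(plan: List[Install]) -> List[Install]:
    """Metadata Repository first, Identity Management second, middle tiers last."""
    rank = {MR: 0, IM: 1}
    return sorted(plan, key=lambda i: rank.get(i.kind, 2))  # stable sort


if __name__ == "__main__":
    # Constructed sample plan: one Portal middle tier with SSO but no Infrastructure.
    plan = [Install("host1", PORTAL, uses_sso=True)]
    for problem in validate(plan):
        print("PROBLEM:", problem)
    # Same plan with the Infrastructure added on a second host.
    plan += [Install("host2", IM), Install("host2", MR)]
    print("problems:", validate(plan))
    for step, inst in enumerate(install_order(plan), 1):
        print(step, inst.kind, "on", inst.host)
```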

OracleAS Developer Kits
OracleAS Developer Kit enables the user to:
• Develop portlets
• Enable wireless applications
• Integrate Web sites with wireless devices
• Develop application provider Web services
• Create XML applications

OracleAS Developer Kits include the Portal, Wireless, XML, and Lightweight Directory Access Protocol (LDAP) developer kits. In addition, Oracle Application Server provides other toolkits for developing applications. For more information about installing OracleAS Developer Kits, see Oracle Application Server Installation Guide, Chapter 5: “OracleAS Developer Kits.”

Introducing OracleAS Deployments
• OracleAS Infrastructure and OracleAS middle tier components can share the same database.
• Sharing a database for configuration management and normal activity can become a performance problem.

Deployment Topologies
All of the Oracle Application Server middle-tier and OracleAS Infrastructure components can share the same OracleAS Infrastructure database. However, this results in less than optimal performance of your shared metadata repository if you plan on increased usage of certain components of your installed Application Server. For example, OracleAS Portal, Oracle Internet Directory, and Oracle Reports Server use the infrastructure database. You should install portions of Oracle Application Server on separate databases for best performance.

Note: The Oracle Application Server product types can be installed as single or multiple instances on one or many hosts.

A Simple Oracle Application Server Topology

[Figure: Client tier (PC, cell phone, PDA); middle tier on Host 1 (J2EE and Web cache, Portal and wireless) and Host 2 (Portal and wireless, BI and forms); Infrastructure (Single sign-on, OID, Metadata repository)]

Oracle Application Server Topology
In this example, the middle tier contains multiple instances of J2EE and Web Cache and Portal and Wireless that reside on two different machines or hosts. Any combination of these or Business Intelligence and Forms can coexist on one host. OracleAS Infrastructure, including the Single Sign-On (SSO) server and Oracle Internet Directory (OID), enables the Oracle Application Server.

Using OracleAS Infrastructure
• The primary purpose of OracleAS Infrastructure is to provide support for OracleAS Middle Tier installations.
• OracleAS Infrastructure enables the deployment of Single Sign-On, OID, and Oracle Application Server Cluster that are managed using database repository.

[Figure: Host 1 (Portal and wireless); Host 2 (SSO, OID, Metadata repository)]

The diagram in the slide shows a single installation of Portal and Wireless on one machine (Host 1) using OracleAS Infrastructure installed on another machine (Host 2). The OracleAS Infrastructure installation enables deployment of applications that use enterprisewide single sign-on capabilities, as well as application server clusters (of J2EE instances) managed using database repository. Besides J2EE and Web Cache, single or multiple instances of OracleAS Portal and Wireless, and OracleAS Business Intelligence and Forms, can also be installed on each of the hosts in the diagram. In order to use any of these, you must have installed OracleAS Infrastructure.

Oracle Application Server and Infrastructure
Two or more installations of Oracle Application Server can share one OracleAS Infrastructure.

[Figure: Host 1: J2EE and Web cache, Portal and wireless; Host 2: Business intelligence and forms, J2EE and Web cache; Host 3: SSO, OID; Metadata repository]

Multiple instances of Oracle Application Server that refer to the same or different installation options can use one instance of the OracleAS Infrastructure. Choosing to use OracleAS Infrastructure enables the Oracle Application Server installations to use single sign-on functionality or Oracle Internet Directory. In the case of identical configuration of installations, which is not the case on the preceding slide, the Infrastructure also allows those installations to be clustered.

OracleAS Web Cache

[Figure: Internet, Load balancer, OracleAS Web cache, OracleAS instances, Data]

OracleAS Web Cache is a content-aware reverse proxy and content accelerator that can be clustered to provide scalability and availability. To Web browsers, OracleAS Web Cache acts as the virtual server for application Web servers. You configure a Load Balancer with the same IP address that is registered for a site’s domain name and the application Web servers’ host names. This Load Balancer receives requests for OracleAS Web Cache. This configuration enables Web browsers to communicate with OracleAS Web Cache rather than application Web servers when accessing a Web site.

OracleAS Web Cache attempts to handle a request for cacheable content from its memory cache. If that is not successful, it will pass the request to an application server instance.

OracleAS Portal

[Figure labels: Web providers, OracleAS, Oracle HTTP Server, mod_oc4j, mod_plsql, Parallel page engine, Portal cache, Web cache, Database providers]

You can use OracleAS Portal to build and customize Enterprise Information Portals (EIP). The request enters the server farm through OracleAS Web Cache and is evaluated by the Oracle HTTP Server (OHS). The packages that define the objects and pages reside in the database. The parallel page engine is a multithreaded servlet running in OC4J. Also, you can enable OracleAS Web Cache to perform the task of assembling pages. After the page is assembled, it is returned to the client. For a detailed description of OracleAS Portal, refer to Appendix 5.

OracleAS Wireless

[Figure labels: Browsing (browsers on laptops, PDAs, phones); Voice (cell phone, regular phone); Messaging (e-mail, SMS, fax, voice, pager); J2ME; OracleAS Wireless; User, Channel, Wireless connection, Mobile platform, Content]

OracleAS Wireless includes a set of services that allows content access by wireless devices. The base station and IP router convert the signals between wire and radio waves. The Wireless Application Protocol (WAP) gateway is responsible for making the XML data translation from the required format of the specific device to a standard XML message and back. This allows the Oracle Application Server to service the requests as standard requests, so that a single application can be accessed from any device.

Wireless-Enabled Portal

[Figure labels: PC, Wireless client, Wireless network provider, WAP gateway, OracleAS Wireless, OracleAS Portal; protocols and formats shown: HTTP, HTTP/HTML, XML, WAP, WML, HDML, cHTML, Wireless XML]

Mobile Portal Architecture
OracleAS Portal can be accessed not only from Web browsers through HTTP, but from mobile devices as well. Requests for portal pages coming from a mobile device over Wireless Application Protocol (WAP) need to go through a WAP gateway, the wireless network provider (for example, PacBell or Sprint PCS), which authenticates the wireless device and the subscriber. The wireless network provider sends the user information (for example, the phone number), device identification (for example, the model, browser/mobile language type), and location (for example, the spatial information such as subscriber location within the cell site) to OracleAS Wireless, which acts as an intermediary between the mobile device and the portal. The requests are passed to the portal, which responds with a device-independent markup language, mobileXML. OracleAS Wireless then transforms the mobileXML to the actual language of the mobile device, such as WML, HDML, or cHTML, and returns the information to the WAP gateway to be rendered on the mobile client.

OracleAS Reports Service

[Figure labels: Client; Oracle HTTP server; Oracle application server (OC4J reports services: Reports servlet, Reports server); Database]

OracleAS Reports Services Runtime Process
OracleAS Reports Services is the reports publishing component of Oracle Application Server. You can use OracleAS Reports Services to publish in both Web-based and non-Web-based environments. The components of OracleAS Reports Services are the Reports Servlet and the Reports Server.
• The Reports Servlet runs in the Web server’s servlet engine and translates and delivers information between OHS and the Reports Server.
• The Reports Server processes client requests, which includes ushering them through its various services, such as authentication and authorization checking, scheduling, caching, and distribution.

OracleAS Forms Services

[Figure labels: Client; Oracle HTTP server (OHS); Oracle Application Server (OC4J Forms: Forms listener servlet, Forms runtime process); Database]

OracleAS Forms Services is a middle-tier application framework and consists of three major components:
• The thin Java client with Java plug-in (or JInitiator plug-in)
• The Forms Listener Servlet, which resides on the middle tier. The Forms Listener Servlet acts as a broker between the Java client and the Forms runtime process. It takes connection requests from Java client processes and initiates a Forms runtime process on their behalf.
• The Forms Runtime Process, which also resides on the middle tier. The Forms runtime process manages application logic and processing. It maintains a connection to the database on behalf of the Java client. It uses the same forms, menus, and library files that were used for running in client/server mode. The Forms runtime process plays two roles:
  - When it communicates with the client browser, it acts as a server by managing requests from client browsers and it sends metadata to the client to describe the user interface.
  - When it is communicating with the database server, it acts as a client by querying the database server for requested data.

OracleAS Discoverer

OracleAS Discoverer is a business intelligence tool for analyzing data and is a key component of Oracle Application Server (OracleAS). Discoverer provides an integrated business intelligence solution comprising intuitive ad hoc query, reporting, analysis, and Web-publishing functionality. There are two OracleAS Discoverer business analysis tools:
• Discoverer Plus is a Web tool that enables users to analyze data and create reports without having to understand difficult database concepts. Using Wizard dialogs and menus, Discoverer Plus guides users through the steps to create powerful reports and charts that can be accessed using Discoverer Plus or Discoverer Viewer.
• Discoverer Viewer is a Web tool for accessing interactive reports and charts created using Discoverer Plus. Because Discoverer Viewer is a thin-client HTML tool, users require only a Web browser to run Discoverer Viewer. Discoverer Viewer can also be used to publish reports into a portal, and is easily customized to conform to a particular Web site look and feel. Discoverer Viewer is optimized for performance and designed to minimize network traffic.

OracleAS Personalization

[Figure labels: Web application, Mobile application, Call center application, Campaign management; Requests for recommendations; Recommendations ("Hello! We have recommendations for you."); Recommendation engine; Predictive models; Historical data]

OracleAS Personalization (OP) is an integrated software product that provides a way for businesses to personalize recommendations that they suggest to customers. Recommendations are personalized for each customer. For OP to serve recommendations, the applications should be able to make Java-API calls to or from OP.

OP incorporates visitor activity into its recommendations in real time, that is, during the Web visitor’s session. For example, OP records a visitor’s navigation through the Web site, noting the links that are clicked, and so on. The visitor may respond to a Web site’s request to rate something, for example, a book or a movie. Such ratings become part of the data stored for that visitor. Any purchases made become part of the data stored for that visitor. All the Web-based behavior for the visitor is saved to a database. OP uses the stored data to build predictive models. This data can be updated with data collected in subsequent sessions, thereby increasing the accuracy of predictions.

Summary
In this lesson, you should have learned:
• How the main components build the Oracle Application Server architecture
• Which Oracle Application Server components are included with the different installation types
• The dependencies between Oracle Application Server installation options
• A simple deployment topology for Oracle Application Server

Installing the OracleAS Infrastructure

Objectives
After completing this lesson, you should be able to do the following:
• Define the installation requirements for OracleAS Infrastructure
• Describe OracleAS Infrastructure installation types
• Install OracleAS Infrastructure
• Start and stop OracleAS Infrastructure

Services and Components of OracleAS Infrastructure

Service: Product Metadata service
Description: Schemas for components such as Portal and Wireless
Component(s):
• OracleAS Metadata Repository

Service: Identity Management service
Description:
• A consistent security model for all applications
• Single source of security metadata containing all administration and user privileges
Component(s):
• Oracle Internet Directory
• OracleAS Single Sign-On
• Oracle Delegated Administration Services
• Oracle Directory Integration and Provisioning
• OracleAS Certificate Authority

Service: Configuration Management service
Description: Schemas containing OracleAS instance configuration
Component(s):
• OracleAS Metadata Repository

Services and Component Matrix for OracleAS Infrastructure
When you install the OracleAS Infrastructure, you can specify if you want to install the Identity Management components, the OracleAS Metadata Repository, or both. The Oracle HTTP Server, OC4J, and Oracle Enterprise Manager components are always installed, regardless of which installation type you selected.
• Identity Management Components: These components provide directory, security, and user-management functionality. Some of these components (such as OracleAS Single Sign-On) have schemas in the OracleAS Metadata Repository.
  - Oracle Internet Directory (OID)
  - OracleAS Single Sign-On
  - Oracle Delegated Administration Services
  - Oracle Directory Integration and Provisioning
  - OracleAS Certificate Authority
• OracleAS Metadata Repository is a collection of schemas used by other OracleAS components. The schemas can be grouped into the following categories:
  - Product metadata
  - Identity management metadata
  - Configuration management metadata

Services and Component Matrix for OracleAS Infrastructure (continued)

You must install the OracleAS Infrastructure before you can install OracleAS middle tier, because the information about Oracle Internet Directory and metadata repository is required during the middle-tier installation.

The only scenario where you do not need to install the OracleAS Infrastructure first is when you are installing a J2EE and Web Cache instance without the database-managed OracleAS clusters or the Identity Management features. In this case, you simply install the J2EE and Web Cache; you do not need to install any OracleAS Infrastructure services at all. If you later decide that you want to associate your J2EE and Web Cache instance with OracleAS Infrastructure, then you can install OracleAS Infrastructure and do the association.

Oracle Application Server 10g: Administration I 4-4

OracleAS Infrastructure Installation: Overview
The installation of OracleAS Infrastructure involves the following steps:
• Preinstallation tasks
  – Check Metalink, installation guide, and release notes.
  – Check requirements.
  – Create OS users and groups as required.
• Installation
  – Select the installation type and components to configure.
  – Postinstallation tasks and checks.

OracleAS Infrastructure Installation: Overview
The installation of OracleAS Infrastructure involves the following steps:
• Preinstallation tasks:
  - Read the OracleAS Installation Guide and the Release Notes for details about the installation.
  - Check whether the system has the required resources in terms of CPU, memory, and disk space.
  - Verify the version of the operating system and whether the necessary patches and packages are present.
  - Designate a disk location for installing OracleAS Infrastructure.
  - Ensure that the user who is performing the installation has sufficient access rights. On platforms such as UNIX and Linux, some scripts must be run as the super user during the installation. You can either grant the installing user super user (root) privileges or ensure that a user with super user (root) privileges is available to run such scripts. On Windows platforms, you should install OracleAS Infrastructure as a user with Administrator privileges.

Minimum Requirements for OracleAS Infrastructure

                   Solaris          Windows            Linux
CPU                296 MHz SPARC    Pentium 450 MHz    Pentium 450 MHz
Disk               2.6 GB           3.9 GB             2.6 GB
Memory             1 GB             1 GB               1 GB
Swap/Page          Swap 700 MB      Page 1 GB          Swap 700 MB
Temporary          512 MB           512 MB             512 MB
Monitor            256 Color        256 Color          256 Color
Operating System   Solaris 8 or 9   Windows NT, 2000   Red Hat Linux AS 2.1

Oracle Application Server 10g is also available on other platforms such as HP-UX, AIX, and so on.

OracleAS Infrastructure Requirements
The requirements in the slide relate to the installation of OracleAS Infrastructure. For more information, refer to the OracleAS Installation Guide for the system you are using.
• In a Linux system, you can check the processor details from the /proc/cpuinfo file and the operating system from the /etc/issue file.
# cat /proc/cpuinfo | grep -i name
model name : Intel(R) Pentium(R) 4 CPU 1.70GHz
# cat /etc/issue
Red Hat Linux Advanced Server release 2.1AS/\m (Pensacola)
• You can get the kernel version by using the rpm command.
# rpm -qa | grep kernel
kernel-headers-2.4.9-e.25
kernel-2.4.9-e.25
• You can get the memory and the swap configuration by using the free command.
# free
             total       used       free     shared    buffers     cached
Mem:       1027820     980724      47096     135140      36016     218348
-/+ buffers/cache:     726360     301460
Swap:       522072     360844     161228

• You can get the disk space usage or the disk space availability by using the df command. The -m option reports the values in MB.
# df -m
Filesystem  1M-blocks  Used  Available  Use%  Mounted on
/dev/hda6       14384  5271       8383   39%  /
none              502     0        501    0%  /dev/shm
/dev/hda1        1004   696        308   70%

Setting Up the Environment
• Kernel parameters
• Environment variables:
  – TMP
  – DISPLAY
  – ORACLE_HOME, ORACLE_SID (unset these)
• /etc/hosts file
• Default port for the metadata repository listener is 1521.

Setting Up the Environment
You may also have to set some parameters at the OS level. The following is a list of the essential parameters for the Linux Red Hat Advanced Server operating system:
• The current settings of semaphores are stored in the /proc/sys/kernel/sem file. The order and the values of the semaphore variables are:
  - semmsl 100, semmns 32000, semopm 100, and semmni 100
  - You can use the cat command to verify the values.
# cat /proc/sys/kernel/sem
250 32000 32 128
  - To alter the values as required, you can use the echo command.
# echo 100 32000 100 100 > /proc/sys/kernel/sem
# cat /proc/sys/kernel/sem
100 32000 100 100
• The current settings for shared memory parameters shmmax, shmmni, and shmall are stored in their respective files under the /proc/sys/kernel directory. You can use the cat command to view the value and the echo command to reset the values.
• Set the maximum file-handles for a process to 131072.
# echo 131072 > /proc/sys/fs/file-max
# ulimit -n 131072

• Open the port range between 1024 and 65000 for access, by setting the port range as follows:
# echo 1024 65000 > /proc/sys/net/ipv4/ip_local_port_range
• Set the maximum number of processes spawned by a user to 16384 by using the ulimit command.
# ulimit -u 16384
• The kernel parameters set in this step are transient, and do not survive a reboot of the system. To make these values permanent, you should incorporate these parameters in the /etc/sysctl.conf file.
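The checks above collected into one script, as an added example that is not part of the course material: it compares values against the figures in this lesson (treated here as minimums, which is an assumption) and prints the matching /etc/sysctl.conf entries. The function names are made up for this example; kernel.sem, fs.file-max and net.ipv4.ip_local_port_range are the sysctl names of the /proc/sys files used above.

```shell
#!/bin/sh
# Added example: audit the Linux kernel settings named in this lesson and
# print the /etc/sysctl.conf lines that make them survive a reboot.
# Assumption: the lesson's figures are treated as minimum values.

REQ_SEM="100 32000 100 100"   # semmsl semmns semopm semmni
REQ_FILE_MAX=131072           # /proc/sys/fs/file-max
REQ_PORT_LOW=1024             # /proc/sys/net/ipv4/ip_local_port_range
REQ_PORT_HIGH=65000

# check_sem "<semmsl> <semmns> <semopm> <semmni>"
# Prints one line per field below the required value; returns 1 if any is.
check_sem() {
    printf '%s\n' "$1" | awk -v req="$REQ_SEM" '
        BEGIN { split("semmsl semmns semopm semmni", name, " ")
                split(req, want, " ") }
        {
            bad = 0
            for (i = 1; i <= 4; i++)
                if ($i + 0 < want[i] + 0) {
                    printf "%s=%s (need >= %s)\n", name[i], $i, want[i]
                    bad = 1
                }
            exit bad
        }'
}

# check_file_max <current value>
check_file_max() {
    if [ "$1" -lt "$REQ_FILE_MAX" ]; then
        echo "file-max=$1 (need >= $REQ_FILE_MAX)"
        return 1
    fi
}

# check_port_range "<low> <high>": the local range must cover 1024-65000.
check_port_range() {
    set -- $1
    if [ "$1" -gt "$REQ_PORT_LOW" ] || [ "$2" -lt "$REQ_PORT_HIGH" ]; then
        echo "ip_local_port_range=$1 $2 (need $REQ_PORT_LOW $REQ_PORT_HIGH)"
        return 1
    fi
}

# sysctl_lines: the persistent form of the echo commands shown above.
sysctl_lines() {
    echo "kernel.sem = $REQ_SEM"
    echo "fs.file-max = $REQ_FILE_MAX"
    echo "net.ipv4.ip_local_port_range = $REQ_PORT_LOW $REQ_PORT_HIGH"
}

# audit_live: run every check against this host; returns the failure count.
audit_live() {
    fails=0
    check_sem "$(cat /proc/sys/kernel/sem)" || fails=$((fails + 1))
    check_file_max "$(cat /proc/sys/fs/file-max)" || fails=$((fails + 1))
    check_port_range "$(cat /proc/sys/net/ipv4/ip_local_port_range)" ||
        fails=$((fails + 1))
    if [ "$fails" -gt 0 ]; then
        echo "Add to /etc/sysctl.conf, then run 'sysctl -p' as root:"
        sysctl_lines
    fi
    return "$fails"
}

# Run against the live host only when asked, so the functions can be reused.
if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

The ulimit settings (-n and -u) are per-session shell limits, not kernel parameters, so they are not covered by the sysctl.conf entries this script prints.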

Setting Up the Environment Variables
• TMP: The temporary space is used during the installation process for expanding and configuring the installable modules. Set this variable to point to a directory that has at least 1 GB of free space and also ensure that the user who is installing has write privileges.
• DISPLAY: This variable is used by the Oracle Universal Installer on UNIX and Linux platforms to direct the User Interface prompts and responses. If you are running the Oracle Universal Installer remotely from another workstation, set DISPLAY to the system name or IP address of your local workstation where you launch the Oracle Universal Installer.
  - For example, if you are working from a workstation with IP address 123.45.67.89, then you set the DISPLAY as follows:
DISPLAY=123.45.67.89:0.0; export DISPLAY
• ORACLE_HOME and ORACLE_SID: ORACLE_HOME is an environment variable that indicates the directory in which the OracleAS software is installed. The ORACLE_SID variable points to the database that you normally log into. If you have other Oracle products installed on the computer where you plan to install OracleAS, you might have set ORACLE_HOME and ORACLE_SID. In order to avoid confusion and problems in the installation of OracleAS Infrastructure, you should remove the settings for the ORACLE_HOME and ORACLE_SID variables.

Setting Up the Hosts File
• In UNIX and Linux systems, the /etc/hosts file (in Windows, the %SYSTEMROOT%\system32\drivers\etc\hosts file) describes the host name and IP address of the system. Ensure that the format that is used in this file is consistent with the following:
<IP_ADDRESS> <DOMAIN_QUALIFIED_HOSTNAME> <ALIASES>
  - For example:
123.123.123.123 myappsrv.mycompany.com myappsrv

Database Listener Port
• The database installed with OracleAS Infrastructure uses port 1521 by default. If you have another application on the host using port 1521, you can use the staticports.ini file to suitably assign the ports for the Infrastructure that you are installing. For more information, refer to the Oracle Application Server Installation Guide.
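A pre-flight check for the environment-variable and hosts-file rules above, added here as an example and not taken from the course material. The function names are made up, falling back to /tmp when TMP is unset is an assumption, and the df options are those of GNU df.

```shell
#!/bin/sh
# Added example: pre-flight checks for the environment rules in this lesson.
# Function names are made up for this example.

# check_hosts_entry <hosts-file> <short-hostname>
# Every line naming the host must read "<IP> <name.domain> <aliases>", with
# the domain-qualified name first. Prints each problem; returns 1 if any.
check_hosts_entry() {
    awk -v host="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }                         # blank or address-only line
        {
            for (i = 2; i <= NF; i++)
                if ($i == host || index($i, host ".") == 1) {
                    seen = 1
                    if (index($2, host ".") != 1) {
                        printf "line %d: \"%s\" precedes the domain-qualified name\n", NR, $2
                        bad = 1
                    }
                    break
                }
        }
        END {
            if (!seen) { print "no entry for " host; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_oracle_env: ORACLE_HOME and ORACLE_SID must be unset, and TMP must be
# a writable directory with at least 1 GB (1024 MB) free.
check_oracle_env() {
    rc=0
    if [ -n "${ORACLE_HOME:-}" ]; then
        echo "ORACLE_HOME is set: unset it before installing"; rc=1
    fi
    if [ -n "${ORACLE_SID:-}" ]; then
        echo "ORACLE_SID is set: unset it before installing"; rc=1
    fi
    tmpdir=${TMP:-/tmp}                         # assumption: /tmp when TMP is unset
    if [ ! -d "$tmpdir" ] || [ ! -w "$tmpdir" ]; then
        echo "TMP=$tmpdir is not a writable directory"; rc=1
    else
        free_mb=$(df -Pm "$tmpdir" | awk 'NR == 2 { print $4 }')
        if [ "${free_mb:-0}" -lt 1024 ]; then
            echo "TMP=$tmpdir has ${free_mb:-0} MB free (need 1024)"; rc=1
        fi
    fi
    return "$rc"
}

# Check the live host only when asked, so the functions can be reused.
if [ "${1:-}" = "--check" ]; then
    check_oracle_env
    check_hosts_entry /etc/hosts "$(hostname | cut -d. -f1)"
fi
```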

OracleAS Infrastructure: Installation Steps
1. Welcome
2. Inventory Location
3. File Location
4. Product to Install
5. Installation Type
6. Preinstallation Requirement
7. Configuration Option
8. Identity Management Realm
9. Certificate Authority
10. Database Identification
11. Infrastructure instance

OracleAS Infrastructure: Installation Steps
1. In the Welcome window, review the information about Oracle Universal Installer. Click Next to proceed with the installation.
2. Verify the location of the inventory directory for installation files.
3. In the File Locations window, verify the destination name and destination path. OracleAS Infrastructure must be installed in a separate Oracle Home, preferably on a separate host from any Oracle Application Server installations.
4. In the Select a Product to Install window, select OracleAS Infrastructure. OracleAS Infrastructure installs OracleAS Metadata Repository and Identity Management components.
5. Select the Product type that you want to install: Metadata Repository, Identity Management components, or both.
6. Confirm pre-installation requirements.
7. In the Select Configuration Options window, you can select the components that you want to configure. You can choose to configure Oracle Internet Directory, OracleAS Single Sign-On, Oracle Delegated Administration Services, Oracle Directory Integration and Provisioning, and OracleAS Certificate Authority.
8. Select the Identity Management Realm.
9. Certification Authority
10. Provide the Database Identification details.
11. Provide the OracleAS Infrastructure instance details.
12. Verify the summary.
The installation proceeds in two phases. Initially the necessary product files are copied and extracted. Then the configuration assistants are run. Before invoking the configuration assistants, you would be required to run root.sh script as the super user to create necessary information for the Database Configuration assistant.

Starting the Installation
To start your installation in UNIX/Linux systems:
• Mount the installation CD-ROM drive.
• Insert your Oracle Application Server 10g Release 9.0.4 media into the drive.
• Run Oracle Universal Installer from the media.

Starting the Installation
To launch Oracle Universal Installer and install OracleAS, perform the following steps:
• In a Linux or UNIX environment, mount the drive that you would use to install Oracle Application Server, if it is not already mounted.
• Insert your Oracle Application Server 10g Release 9.0.4 media into the drive. In Windows systems, the Installer is invoked automatically if autorun is enabled.
• In Linux or UNIX systems, invoke the Installer by using the script runInstaller. When you invoke the Installer, it runs a prerequisites check, and notifies you whether the verification has passed or failed. Then the graphic Oracle Universal Installer is invoked.

Oracle Universal Installer

OracleAS uses Oracle Universal Installer to install and configure components. The Installer guides you through each step of the installation process, so that you can choose configuration options for a customized product. The Installer includes features that perform the following tasks:
• Exploring and providing installation options for products
• Detecting preset environment variables and configuration settings
• Setting environment variables and configuration during installation
• Uninstalling products
The Installer creates the oraInventory directory the first time it is run on your machine. The oraInventory directory keeps an inventory of products that the Installer installs on your machine, as well as other installation information. If you have previously installed Oracle products, then you may already have an oraInventory directory.
The latest log file can be obtained from the oraInventory_location/logs directory. Log file names take the form installActions<datetime>.log.
Do not delete or manually alter the oraInventory directory or its contents. Doing so can prevent the Installer from locating products that you have installed on your system.

First Installation of Oracle Product

If OracleAS Infrastructure is the first Oracle product that is to be installed on your computer, the Installer displays a window where you specify an inventory location. The inventory location directory has the following attributes:
• It contains the permanent and per-product component files in subdirectories.
• Any user installing or updating Oracle products on the computer must be able to write to it.
If the different Oracle product installations need to be managed separately, keep the inventory location in a common place so that other users in the OS group have access when they install or update Oracle products. If you have installed an Oracle product previously on the computer, the Installer uses the existing inventory location. Ensure that you have write permissions on that directory.

Group Window on UNIX and Linux
When creating the inventory location on UNIX or Linux systems, the Installer invokes the group window in which you specify the OS group that performs the installation or update. The Installer then prompts you to run a script as the root user to ensure that the permissions to the inventory location are granted to the group.

Specify File Locations Window

This window enables you to provide the Oracle Home details for the product that you are installing. You provide the following:
• Name, using which this installation will be identified in the Inventory. The name cannot contain spaces, and has a maximum length of 16 characters; for example, infra.
• Path, where you enter the full path for the OracleAS Infrastructure executables and configuration files. If the directory does not exist, the Installer creates it. If you want to create the directory in advance, create it as the user installing the software; do not create it as the root user. The Oracle Home path cannot contain environment variables or spaces.

Select a Product to Install

Select which part of OracleAS you want to install. Select OracleAS Infrastructure to install OracleAS Infrastructure.

Select Installation Type

You should select the installation type that you want based on the following:
• Identity Management and OracleAS Metadata Repository
  - Select this option to install Identity Management services and a new Oracle database that contains the Metadata Repository on this host.
  - Do not select this option if you want to use an existing Oracle database that contains the OracleAS Metadata Repository or if you want to install the database and the Identity Management services on separate hosts.
• Identity Management
  - If you select this option to install OracleAS Single Sign-On or OracleAS Certificate Authority, you need an existing OracleAS Metadata Repository.
• OracleAS Metadata Repository
  - Select this option to install a new Oracle database that contains the OracleAS Metadata Repository. The repository can then be used by OracleAS instances and Identity Management services.
  - When you install only OracleAS Metadata Repository, the Application Server Control is not installed. You can use the Database Control or the Oracle9i Database Studio to manage the OracleAS Metadata Repository Database.
  - To install the repository into an existing database, run the OracleAS Repository Creation Assistant that is available on the “OracleAS Repository Creation Assistant” CD.

Preview of Infrastructure Installation

Preview of Steps for Infrastructure Installation
The page provides a preview of the remaining steps in the installation. Depending on your choice of installation type and the components, this page provides an overview of further information that you will need to complete the installation.

Select Configuration Options

You can select the OracleAS Infrastructure components that you want the Installer to configure and start after the installation. OracleAS Metadata Repository, Oracle HTTP Server, and Oracle Containers for J2EE components will be configured always. When you perform an installation of both the Metadata Repository and Identity Management components, then the following components are selected by default:
• Oracle Internet Directory
• OracleAS Single Sign-On
• Delegated Administration Service
• Oracle Directory Integration and Provisioning
You can select OracleAS Certificate Authority if you intend to use the component.
As already mentioned, irrespective of your selection in this window, all the components will be installed. However, the configuration assistants relating to the components not selected in this window will not be run after installation. If you decide to use that component at a later time, then you must manually launch the configuration assistant to configure that component.

Specify Identity Management Realm

An Identity Management Realm in Oracle Internet Directory contains management policies for all users and groups in the OID. You specify the root-level location of the default realm. This realm will be created when OID is installed.

Default Location
• The default location is derived from the DNS domain name of the host where the Installer will install Oracle Internet Directory. For example, if the host name is myhost.acme.com, then the root location of the default Identity Management Realm would be dc=acme,dc=com.
• The Installer creates the directory tree corresponding to the default location. It also creates two subcontainers (cn=users and cn=groups) under the root location. You can add users and groups to these subcontainers.
• The Installer also creates default naming, authentication, and authorization policies in the realm. You can customize these policies after installation.

Custom Location
• If the default location does not meet your deployment needs, use this field to specify an alternative root location (using a distinguished name, or DN) for your default Identity Management Realm.

OracleAS Certificate Authority

You configure OracleAS Certificate Authority to provide digital certificates. The Certificate Issuing Authority must have a distinguished name. You can use the typical distinguished name (DN), in which case the DN from the Identity Management Realm you entered will be used. You have to enter the Organization (O) field for the certificate authority.
In the next window, you enter the key length for encryption. The longer the key, the higher the security, but it will take longer for the certificate issuance. Generally, a key length of 2048 would be adequate.

Database Identification

The Database Identification window is used in creating the Oracle database to store the metadata repository. The identifiers that are specified here are used for managing and connecting to the repository. The global database name should be unique across the network.

Passwords and Database File Location

You must specify the Sys and System passwords for users of metadata repository database in the Set Sys and System Passwords window. In the Database File Location window, you can enable the database configuration assistant to locate your database files in a separate directory.

Database Character Set

Choose one of the following three character sets for your database:
• The default character set is based on the language of the installation operating system. If you intend to store data in only one language, accept the default database character set.
• Unicode enables you to store multiple language groups.
• You can also choose one of the common character sets.

Specify Instance Details

Each OracleAS instance on a machine has a unique name. This name is essential for routing requests and administrative purposes as well. Also ias_admin, which is the administrative user for each instance, has its own password regardless of who performed the installation. This password is used by other administrative users such as the Portal Administrator (portal_admin) and OID Administrator (orcladmin).

Summary of Installation

The Installer provides the summary of options that you have chosen. Verify the details in this window and click Install to begin the installation. The Installer performs three installation actions:
• Copies files
• Links the executables
• Sets up the configuration
Then, it invokes the configuration assistants. Before invoking the configuration assistants, you should run the root.sh script as super user from another window or terminal to set up database entries. The entries are used for two main purposes:
• Automating the startup of databases
• Creating entries to enable Oracle Net Configuration assistant and Database Configuration Assistant to run

End of Installation Window

The End of Installation window appears at the end of the installation process. It notifies you whether the installation was successful or unsuccessful. In this window, note the following information that you will need to manage the OracleAS Infrastructure:
• The URL to access the Oracle HTTP Server and the Welcome page
• The URL to access the Application Server Control

Postinstallation Tasks
• Set the ORACLE_HOME and ORACLE_SID variables.
• Include $ORACLE_HOME/bin in your $PATH.
• Verify the status of the following:
  – Infrastructure database and its listener
  – OracleAS Infrastructure instance and Components
  – Application Server Control
• Note the port assignments for your installation.

Postinstallation Tasks
Set the environment variables:
• After you have installed OracleAS Infrastructure, you should set the ORACLE_HOME and ORACLE_SID environment variables for ease of managing the OracleAS Infrastructure. The following examples show the setting using Korn or bash shell. (SID is infra, and ORACLE_HOME is /oracle/oraias/infra.)
export ORACLE_SID=infra
export ORACLE_HOME=/oracle/oraias/infra
export PATH=$PATH:$ORACLE_HOME/bin
You can include the commands above in the .login file of the OS user installing and managing OracleAS Infrastructure.
Verify the status of database listener:
• To verify that the database listener is operational, you can use the lsnrctl command. In the following example it is presumed that you are using the default database listener.
$ORACLE_HOME/bin/lsnrctl status | grep status
...
Instance "infradb", status READY, has 3 handler(s) for this service...

Accessing the OracleAS Instance

Accessing the Welcome Page
You can assess if the following are working:
• You can also log in to the URL http://<your-server>:<HTTP-port> to access the welcome page of your Oracle HTTP Server. You can get the HTTP port from the portlist.ini file in your ORACLE_HOME/install/ directory.
• Using the Enterprise Manager link in your HTTP Server page, you can access the OracleAS Console of the Enterprise Manager. You will be prompted for the ias_admin username and password.
• From the Application Server Control you can drill down to OracleAS instances and look at the status of the instance and its components.

Application Server Control

You can access the Application Server Control of your OracleAS Infrastructure using the URL http://<host>:<em-port>. For example, in the slide it is accessed using the URL http://edcdr6p1.us.oracle.com:1810
When you install an OracleAS Infrastructure, a farm is also initiated and the Farm page becomes the entry point for the Application Server Control. You can drill down to the OracleAS Infrastructure instance and monitor and administer the components of that instance.

Verifying OID Server

From the OracleAS Infrastructure Home page, you can drill down to the OID Server Home page to verify the details of the OID server. The Directory Server Instances section describes the details of the OID server, including which port the OID server is running on. This information will be required when you install the middle-tier components that use the OracleAS Infrastructure.

Accessing the SSO Server

You can access and administer the SSO server as follows:
• Invoke the Application Server Control and navigate to the Infrastructure instance page.
• Click the Single Sign-On:orasso link in the Systems Components Table. Verify that the SSO component is active.
• Click Administer via Single Sign-On Web Application link under Related Links section of the Single Sign-On:orasso page.
• Click Login link in the SSO Server home page.
• Enter orcladmin as the username and the password for administrative users (welcome1) that you entered during the OracleAS Infrastructure installation. The SSO Server Administration Link appears in your SSO Server home page.

Starting and Stopping OracleAS Infrastructure
• To start an OracleAS Infrastructure, start the components in the following order:
  1. Start the database listener.
  2. Start the metadata repository database.
  3. Start OracleAS Infrastructure instance processes.
  4. Start Application Server Control.
• To stop an OracleAS Infrastructure, stop the components in the following order:
  1. Stop Application Server Control.
  2. Stop OracleAS Infrastructure instance processes.
  3. Stop the metadata repository database.
  4. Stop the database listener.

Starting an OracleAS Infrastructure
To start an OracleAS Infrastructure, start the components in the following order:
1. Start the database listener:
$ORACLE_HOME/bin/lsnrctl start
2. Start the repository database:
ORACLE_SID=iasdb; export ORACLE_SID
$ORACLE_HOME/bin/sqlplus /nolog
SQL> connect sys/password_for_sys as sysdba
SQL> startup
SQL> exit
3. Start the processes of the OracleAS Infrastructure instance:
$ORACLE_HOME/opmn/bin/opmnctl startall
4. Start the OracleAS Console:
$ORACLE_HOME/bin/emctl start iasconsole
To stop OracleAS Infrastructure, stop the components in the reverse order.
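An added example, not from the course material, that runs the four steps in the stated order and in reverse order for a stop. It assumes ORACLE_HOME and ORACLE_SID are exported and that the OS user belongs to the database's OS DBA group, so it connects with "connect / as sysdba" and no SYS password has to be stored in the script; the stop commands (emctl stop iasconsole, opmnctl stopall, shutdown immediate, lsnrctl stop) are not spelled out in the lesson, and the function names are made up.

```shell
#!/bin/sh
# Added example: start or stop OracleAS Infrastructure in the lesson's order.
# Assumes ORACLE_HOME and ORACLE_SID are exported and that the OS user is in
# the database's OS DBA group, so no SYS password is stored in this script.

# infra_steps <start|stop>: print the step names in execution order.
infra_steps() {
    case "$1" in
        start) printf '%s\n' listener database opmn iasconsole ;;
        stop)  printf '%s\n' iasconsole opmn database listener ;;
        *)     echo "usage: start|stop" >&2; return 2 ;;
    esac
}

# step_command <start|stop> <step>: print the command line for one step.
step_command() {
    case "$2" in
        listener)   echo "$ORACLE_HOME/bin/lsnrctl $1" ;;
        database)   echo "$ORACLE_HOME/bin/sqlplus -s /nolog" ;;
        opmn)       echo "$ORACLE_HOME/opmn/bin/opmnctl ${1}all" ;;
        iasconsole) echo "$ORACLE_HOME/bin/emctl $1 iasconsole" ;;
    esac
}

# database_script <start|stop>: SQL*Plus input, using OS authentication.
database_script() {
    echo "connect / as sysdba"
    if [ "$1" = start ]; then echo "startup"; else echo "shutdown immediate"; fi
    echo "exit"
}

# infra_ctl <start|stop>: run each step in order and stop at the first command
# that returns non-zero. DRY_RUN=1 prints the commands without running them.
infra_ctl() {
    if [ -z "${ORACLE_HOME:-}" ] || [ -z "${ORACLE_SID:-}" ]; then
        echo "ORACLE_HOME and ORACLE_SID must be set" >&2
        return 2
    fi
    steps=$(infra_steps "$1") || return 2
    for step in $steps; do
        cmd=$(step_command "$1" "$step")
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        elif [ "$step" = database ]; then
            # The Oracle Home path cannot contain spaces, so $cmd splits safely.
            database_script "$1" | $cmd || { echo "failed at: $step" >&2; return 1; }
        else
            $cmd || { echo "failed at: $step" >&2; return 1; }
        fi
    done
}

# Act only when called with start or stop, so the functions can be reused.
case "${1:-}" in
    start|stop) infra_ctl "$1" ;;
esac
```

Run it first with DRY_RUN=1 to review the exact commands for your Oracle Home before letting it act.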

Summary
In this lesson, you should have learned how to do the following:
• Define the installation requirements for OracleAS Infrastructure
• Describe OracleAS Infrastructure installation types
• Install OracleAS Infrastructure
• Start and stop OracleAS Infrastructure

Installing the OracleAS Middle Tier


Objectives
After completing this lesson, you should be able to do the following:
• Describe the Oracle Application Server 10g Middle Tier installation types and their requirements
• Perform preinstallation tasks
• Install the middle tier with BI and Forms installation type
• Verify completion of the installation
• Access the installed OracleAS middle-tier components

This lesson discusses the installation of Oracle Application Server 10g Middle Tier. The information in this lesson will help you perform an effective installation based on site requirements.

OracleAS Middle-Tier Installation Phases: Overview
1. Preinstallation
  • Check the requirements.
  • Create the required OS users and groups.
  • Set up the environment.
2. Installation
  • Select an installation type and components to configure.
  • Provide required information to connect to OracleAS Infrastructure.
3. Postinstallation
  • Access the component Web pages.
  • Verify the installation.

OracleAS Middle-Tier Installation Phases: Overview

Preinstallation
During the first phase of installation, you perform the following tasks:
• Create UNIX accounts and groups.
• Perform component-specific preinstallation tasks on the middle tier and the origin database where you stored your application data. Do not perform these tasks on OracleAS Infrastructure.

Installation
During the second phase of installation, the Oracle Universal Installer (Installer) guides you through the installation steps that include selecting an installation type, defining connect information to the Metadata Repository, and selecting the components that you want to configure automatically and start at the end of the installation.

Postinstallation
During the final phase of the installation process, you verify the installation by accessing the middle-tier component Web pages and checking the component status by using Application Server Control.

Preinstallation: OracleAS Middle Tier Requirements

                   Solaris          Windows                      Linux
CPU                296 MHz SPARC    Pentium 450 MHz              Pentium 450 MHz
Disk               1.5 GB           1.5 GB                       1.5 GB
Memory             1 GB             1 GB                         1 GB
Swap / Page        Swap 1 GB        Page 1 GB                    Swap 1 GB
Temporary          512 MB           512 MB                       512 MB
Monitor            256 Color        256 Color                    256 Color
Operating System   Solaris 8 or 9   Windows NT, 2000, 2003, XP   Red Hat Linux AS 2.1

Preinstallation: Checking OracleAS Middle-Tier Requirements
The requirements that are listed in the table in the slide relate to the OracleAS Business Intelligence and Forms type installation. The requirements for other Oracle Application Server installation types are usually less demanding. For more information, refer to the Oracle Application Server Installation Guide.

Preinstallation: Setting Up the Environment
The following must be verified before starting the Installer: • The environment variable DISPLAY is set.
– This variable enables you to run the Installer remotely.

• •

The OS user installing should have permission to write to the inventory directory. The host name file is configured correctly.
– <hostIP> <hostname.domain> <hostname> <alias> Example: – 123.456.789.012 myhost.mydomain myhost

Copyright © 2004, Oracle. All rights reserved.

Preinstallation: Setting Up the Environment Setting DISPLAY (Linux/UNIX only) On Linux and UNIX systems, you can install OracleAS Middle Tier by using a remote workstation. Setting the DISPLAY environment variable also enables you to run Installer remotely from a local workstation. On the system where you run Installer, set DISPLAY to the system name or IP address of your local workstation.


Installation: Starting the Installer
To start your installation:
• Insert your Oracle Application Server media into the drive.
• On Linux/UNIX:
  – Mount the installation media
  – Run Oracle Universal Installer from the media
• On Windows 2000:
  – In the Autorun window that appears, choose Install/Deinstall Products or run autorun.exe directly from the AUTORUN directory on your media


Installation: Starting the Installer
To launch Oracle Universal Installer and install OracleAS:
• Insert your Oracle Application Server 10g Release 9.0.4 media into the drive.
• On Linux or UNIX systems, mount the installation media. If you are using the Solaris Volume Management software (installed by default with Solaris Operating Environment), then the drive is mounted automatically when you insert it in the disk drive.
• On Windows 2000 with autorun capabilities, the Autorun window appears; select Install/Deinstall Products. If your machine is not set up with Autorun capability, run autorun.exe directly from the autorun directory on the media drive.


Installation: Installer Steps Overview


Installation: Installer Steps Overview
After you launch the Installer, it guides you through the following installation steps:
1. The Installer verifies the following before invoking the Welcome page: operating system, kernel and C library, presence of a few packages, and swap space.
2. The Welcome page is invoked. This is usually the first window that allows you to browse the previously installed Oracle products on the machine, to remove the installed Oracle products, or to install a new Oracle product.
3. File locations are specified. In the File Locations window, you enter the full path of the destination location to install the middle tier. The source path points to the location from where you had invoked the Installer.
4. Product is selected. In the Available Products window, you select the Oracle Application Server as a product to install the middle tier.
5. An installation type of the middle tier is selected. In this case, select Business Intelligence and Forms type of installation.
6. Component configuration and startup are selected.
7. Instance Name and ias_admin password are specified.
8. Existing OID and OracleAS Single Sign-On are selected.


Specifying File Locations


Specifying File Locations
In the Specify File Locations window, you can enter the Oracle Home name and path. Each installation must have its own Oracle Home. Initially, the Installer displays the list of names of the currently installed products. Enter a new name for your installation. The Oracle Home path must be a real, absolute path. It cannot contain environment variables or spaces.


Selecting a Product


Installer: Selecting a Product
In the Select a Product to Install window, you select the Oracle Application Server as a product to install the middle tier.


Selecting an Installation Type

Application Server Control is installed with each installation.

Selecting an Installation Type
The installation type defines the Oracle Application Server middle-tier components that are installed on your machine. You select one of the following Oracle Application Server installation options in the Installation Types window:
• J2EE and Web Cache: Installs OracleAS Web Cache, Oracle HTTP Server, and OracleAS Container for J2EE
• Portal and Wireless: Installs OracleAS Web Cache, Oracle HTTP Server, OracleAS Container for J2EE, OracleAS Portal, and OracleAS Wireless
• Business Intelligence and Forms: Installs OracleAS Web Cache, Oracle HTTP Server, OracleAS Container for J2EE, OracleAS Portal, OracleAS Wireless, OracleAS Discoverer, OracleAS Reports Services, OracleAS Forms Services, and OracleAS Personalization
The installation type also defines what information is required from you during the further steps of the installation. For example, you will need to provide information on how to connect to OID and SSO server if you are installing Portal and Wireless or Business Intelligence and Forms.


OUI: Selecting Component Configuration


Installer: Selecting Component Configuration
In the Component Configuration window, you specify which middle-tier components should be configured during the installation and started upon its completion. The Installer automatically configures and starts some of the mandatory components (for example, the Oracle HTTP Server, OC4J, and OracleAS Web Cache). You do not have to select all the components that are to be configured during the installation. The Installer copies all required component files to the middle tier so that you can log on to the Application Server Control and configure the corresponding components later. For example, if you are installing BI and Forms installation type, you can choose not to configure OracleAS Personalization. However, the OracleAS Personalization component will be installed completely if you decide to configure or use it later.


Registering with OID


Installer: Registering with OID
As already discussed, OracleAS middle-tier components such as OracleAS Portal, OracleAS Forms Server, and OracleAS Reports Server require the Identity Management services provided by Oracle Internet Directory of OracleAS Infrastructure. While installing the middle tier, you should specify the location (the host name and port) of the Oracle Internet Directory that you want your middle tier to use.


Using Metadata Repository


Metadata Repository
Middle-tier installations require the Metadata Repository to store their own metadata information. You specify the location of the OracleAS Metadata Repository in this window.


Instance Name and ias_admin Password


Instance Name and ias_admin Password
Specify Instance Name: Each middle-tier installation should have a unique name, which is used to identify the installation and the corresponding middle-tier instance on the system. Each installation will create one instance of Oracle Application Server. It is possible to scale up an installation as follows:
• From J2EE and Web Cache installation type to Portal and Wireless installation type
• From J2EE and Web Cache installation type to BI and Forms installation type
• From Portal and Wireless installation type to BI and Forms installation type
It is not possible to scale down an installation.
Specifying ias_admin password: A default OracleAS installation administrative user ias_admin is created during the installation. The Application Server Control uses the ias_admin user to manage the instance. The password that you select for ias_admin allows you to manage all instances of Oracle Application Server across the installation, run management tools, and facilitate future installations.


Installer: Summary


Installer: Summary
You can review all the settings before the actual installation process in the Summary window. These settings include source, destination, installation type, product language, space requirements, and a list of components. To make changes to any of these settings, click Previous to return to the respective windows. When you click Install, the installation process begins.
Note: Insufficient disk space is indicated in red under Space Requirements.
The Installer then performs the installation action in three phases: copying, linking, and setting up files. Then it invokes the component configuration assistants.


Installer: End of Installation


Installer: End of Installation
The End of Installation window appears at the end of the component configuration process. It notifies you whether the installation was successful or unsuccessful. In this window, you should note the URLs for the Oracle HTTP Server and Application Server Control.


Accessing the Application Server Control


Accessing Application Server Control
You can access the Application Server Control using the URL http://<hostname>:<emport>. The details of the ports can be obtained from the portlist.ini file in the install directory of your Oracle home. When the BI and Forms installation type is registered with an OracleAS Infrastructure, the Farm page becomes the entry point for Application Server Control. In the System Components table, you can check that all the components you opted to configure during the installation are available.


Application Server Ports Page


Application Server Ports Page
Use the Application Server ports page to view a list of all the ports currently in use by the components of this Oracle Application Server instance. This page is important when you are troubleshooting port conflicts among the various application server components. The Port Range is the range of port numbers reserved for a component when it is installed. The Port in Use is the port currently in use by the component. A link (pencil mark) to the appropriate configuration page is provided where you can modify the port settings for the component. If no link is provided, refer to the component administration documentation for more information.


Accessing the Component Home Pages


Accessing the Component Home Pages
Application Server Control enables you to drill down into component home pages to manage the components. You can access the individual component from the Oracle Application Server Instance Home page. By accessing the individual component pages in Application Server Control, you can check that all the components you opted to configure during the installation are running.


Accessing the Welcome Page


OracleAS Welcome Page
This page is a good starting point to validate your installation. If you do not remember the port on which Oracle HTTP Server has been installed, then have a look at the portlist.ini file under the $ORACLE_HOME/install directory. This file lists all ports that the Oracle Universal Installer has assigned during installation.
Note: This file is populated during installation and is not dynamically updated. It will not reflect changes after installation to port assignments.
The Oracle Application Server Welcome Page contains information about how to access the documentation and the Quick Tour from Oracle Technology Network. The right pane is divided into three regions:
1. The Release Notes region allows you to obtain the latest information according to the Oracle Application Server installation that you have performed.
2. The Oracle Enterprise Manager region links you to the Application Server Control to manage and configure your application server.
3. The New Features region contains links to obtain information about the different key features such as J2EE and Internet applications, Portal, and Wireless.


Accessing OracleAS Portal Welcome Page
• Enter the following URL:
  http://hostname.domain:port/pls/portal
• Log in as the portal user with the password used for ias_admin user.


Accessing OracleAS Portal Welcome Page
If you selected an installation type that includes OracleAS Portal, then you can verify whether OracleAS Portal has been successfully installed and configured. To access OracleAS Portal Welcome page, enter the following URL in your browser:
http://hostname.domain:port/pls/portal
where hostname.domain is the fully qualified name of the machine on which you have installed OracleAS middle-tier and port is the port number of the OracleAS middle-tier instance. You can log on to the portal by clicking the Login link on the Welcome page. Use portal as username and the password that you have specified for the ias_admin user during the installation.


Accessing OracleAS Reports Services
Enter the following URL:
http://hostname.domain:port/reports/rwservlet


Accessing OracleAS Reports Services
If you selected an installation type that includes OracleAS Reports Services, then you can verify whether this component has been successfully installed and configured. To access OracleAS Reports Services page, enter the following URL in your browser:
http://hostname.domain:port/reports/rwservlet

where hostname.domain is the fully qualified name of the machine on which you have installed OracleAS middle tier, and port is the port number of the OracleAS middle-tier instance. For example in the installation shown on screen, the OracleAS Reports Services is accessed using the URL:
http://edcdr6p1.us.oracle.com:7779/reports/rwservlet


Accessing OracleAS Forms Services
Enter the following URL:
http://hostname.domain:port/forms90/f90servlet


Accessing OracleAS Forms Services
If you selected an installation type that includes OracleAS Forms Services, then you can verify that this component has been successfully installed and configured. You should also install JInitiator for your platform before using the OracleAS Forms thin client. To access OracleAS Forms Services page, enter the following URL in your browser:
http://<hostname.domain>:<port>/forms90/f90servlet

where <hostname.domain> is the fully qualified name of the machine on which you have installed OracleAS middle-tier, and <port> is the port on which the OHS of the OracleAS middle-tier instance is operational.
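The verification URLs from this lesson (Welcome page, Portal, Reports Services, Forms Services and Application Server Control) can be generated from portlist.ini instead of being typed by hand. The following is an added example, not part of the Oracle course material; the two key names, the `key = value` layout and the sample file are assumptions constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the course material). The key names and the
# "key = value" layout are assumptions about portlist.ini; adjust the two
# labels below to match the entries in your own file.
OHS_LABEL="Oracle HTTP Server port"
EM_LABEL="Application Server Control port"

# sample_portlist: constructed sample content, not copied from a real install.
sample_portlist() {
    cat <<'EOF'
; constructed sample
[Ports]
Oracle HTTP Server port = 7779
Oracle HTTP Server Listen port = 7780
Application Server Control port = 1810
EOF
}

# port_for FILE LABEL
# Print the port recorded for exactly LABEL; return 1 if the entry is missing
# or not numeric. Comment lines, section headers and CR line ends are ignored.
port_for() {
    pf_port=$(awk -F '=' -v want="$2" '
        /^[ \t]*(;|#|\[)/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == want) { print val; exit }
        }
    ' "$1") || return 1
    case $pf_port in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pf_port"
}

# verification_urls FILE HOST
# Print one URL per postinstallation check described in this lesson.
verification_urls() {
    vu_ohs=$(port_for "$1" "$OHS_LABEL") || {
        echo "portlist: no numeric '$OHS_LABEL' entry in $1" >&2; return 1; }
    vu_em=$(port_for "$1" "$EM_LABEL") || {
        echo "portlist: no numeric '$EM_LABEL' entry in $1" >&2; return 1; }
    for vu_path in / /pls/portal /reports/rwservlet /forms90/f90servlet; do
        printf 'http://%s:%s%s\n' "$2" "$vu_ohs" "$vu_path"
    done
    printf 'http://%s:%s\n' "$2" "$vu_em"
}

# probe_urls: read URLs on stdin and print "<HTTP status> <URL>" for each.
# Needs curl and network access to the middle tier, so the demo does not call it.
probe_urls() {
    while IFS= read -r pu_url; do
        pu_code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "$pu_url") || pu_code=000
        printf '%s %s\n' "$pu_code" "$pu_url"
    done
}

# Demo on the constructed sample file.
demo_portlist=$(mktemp)
sample_portlist > "$demo_portlist"
verification_urls "$demo_portlist" myhost.mydomain
rm -f "$demo_portlist"
```

Because portlist.ini is not updated after installation, a probe that fails on a generated URL may only mean that the port was reassigned later; the Ports page in Application Server Control shows the port currently in use.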


Summary
In this lesson, you should have learned how to:
• Describe the Oracle Application Server installation types
• Describe the requirements for different installation types
• Perform preinstallation tasks
• Install BI and Forms type installation
• Verify completion of the installation
• Access the installed OracleAS middle-tier components


Using Oracle Application Server Management Tools


Objectives
After completing this lesson, you should be able to do the following:
• Start and stop Application Server Control
• Access OracleAS Component pages of the Application Server Control
• Start and stop an OracleAS instance or a component using:
  – Application Server Control
  – Oracle Process Monitoring and Notification interface (opmnctl)
• Use dcmctl utility to obtain configuration information

Overview
The role of an Oracle Application Server administrator is to maintain an integrated, efficient, and secure application server enterprise. This includes many tasks, some of which can be performed more easily with Oracle Application Server. The Oracle Enterprise Manager Application Server Control is the primary tool for administering, configuring, and monitoring Oracle Application Server and its components. Using the Application Server Control, you can also perform tasks such as deploying applications, managing security, and creating and managing clusters.


Oracle Application Server: Overview
• The Oracle Enterprise Manager Application Server Control provides monitoring and administration capabilities for each instance of Oracle Application Server.
• Using Oracle Application Server, you can manage:
  – Services such as hosts, databases, application servers, and Web applications
  – Hardware and software configurations across your enterprise
• Oracle Enterprise Manager 10g Application Server Control enables the management of Oracle Application Server installations.


Oracle Application Server: Overview
The Oracle Enterprise Manager Application Server Control provides monitoring and administration capabilities for each instance of Oracle Application Server. The Application Server Control consists of a series of home pages, which allow you to manage an Oracle Application Server instance from your Web browser. Using the Enterprise Manager Application Server Control, you can manage:
• A single Oracle Application Server instance, including all of its components and applications
• A group of Oracle Application Server instances that share and take advantage of a common Oracle Application Server configuration repository (also known as a farm)
• Oracle Application Server clusters, which allow you to streamline the process of configuring and deploying Web applications across multiple Oracle Application Server instances
The Enterprise Manager Application Server Control is installed as part of any Oracle Application Server installation on the application server host computer.


Application Server Control
[Figure: OracleAS Installation 1 (bi) and OracleAS Installation 2 (infra), each with its own Mgmt Agent for OracleAS]


Application Server Control
Application Server Control comprises the Management Agent for OracleAS and Application Server Control interface. The Application Server Control is installed along with each Oracle Application Server installation. Oracle Application Server provides a home page for each component of Oracle Application Server. Each home page provides the information that you need to monitor the performance and availability of Oracle Application Server from a particular point of view or level of management detail. Selected home pages also provide tools for configuring your Oracle Application Server components. Consider the following home pages when you use the Application Server Control:
• Use the Farm Page to view a set of related Oracle Application Server instances on your network and to create clusters.
• Use the OracleAS Instance Home page to manage all aspects of an individual OracleAS instance.
• Drill down to a component Home page to monitor or to configure an individual component of the Oracle Application Server. For example, use the Oracle HTTP Server Home page to monitor the performance of your Web server, or use the OC4J Home page to deploy a custom Web-based application.

The emctl Utility
• You can use emctl to start, stop, or check the status of Application Server Control.
  $> emctl start iasconsole
  $> emctl stop iasconsole
  $> emctl status iasconsole
• When you start or stop Application Server Control, the management agent for Oracle Application Server is also started or stopped.


Oracle Application Server Command-Line Utility emctl
Each Oracle Application Server installation has its own Application Server Control. The Application Server Control process is started at the end of your Oracle Application Server installation. You may need to start it manually after each system boot. You can also create a script to start it automatically during system boot.
To start Application Server Control: Log in to the account that you used to install Oracle Application Server and enter the following command:
$> $ORACLE_HOME/bin/emctl start iasconsole

When you start the Application Server Control, the management agent for Oracle Application Server is also started automatically. Similarly when you stop the Application Server Control, the management agent for Oracle Application Server is also stopped. To stop the Application Server Control, enter the following command:
$> $ORACLE_HOME/bin/emctl stop iasconsole

To check whether the Application Server Control is up and running, use the following syntax:
$> $ORACLE_HOME/bin/emctl status iasconsole

Using Application Server Control
• Each Oracle Application Server installation has its own Application Server Control.
• You should start the Application Server Control process with the emctl utility before using the Application Server Control.
  emctl start iasconsole
• You can get the Application Server Control port from the setupinfo.txt file in the $ORACLE_HOME/install directory.
• Invoke the Web browser and access Application Server Control using the following URL:
  http://<hostname>:<emport>

Using Application Server Control
Each Oracle Application Server installation has its own Application Server Control. You must start the console process for the Application Server Control before you can start managing your OracleAS instance using Application Server Control. To start the process:
• Go to the bin directory of your Oracle Application Server installation.
• Start Application Server Control using the command emctl start iasconsole
The management agent for OracleAS is also started and stopped with the Application Server Control. To access the Application Server Control, you invoke a Web browser and access the URL:
http://<hostname>:<em_port>

For example, on a system with the fully qualified name: edcdr6p1.us.oracle.com, and the port used by the process 1810, you access the Application Server Control using the URL:
http://edcdr6p1.us.oracle.com:1810


Application Server Control: Home Pages
Application Server Control provides different home pages:
• OracleAS Farm page:
  – One or more OracleAS instances that are associated with a common configuration repository
• OracleAS Instance Home page:
  – A single OracleAS instance, either as a drill down from the Farm page or an instance that is not associated with the same configuration repository.
• OracleAS Component Home page: Available as a drill down from any of the above home pages


Oracle Application Server Home Pages
The slide describes the Enterprise Manager home pages that form the starting point when you first navigate to the Oracle Application Server:
• The OracleAS Instance Home page can be used to monitor and configure a single OracleAS instance.
• The OracleAS Farm page enables you to view a list of all Oracle Application Server instances that are associated with a particular configuration repository.
• Component Home pages, such as the Oracle HTTP Server Home page, are used to view, monitor, or configure an individual component of the application server. For example, use the Oracle HTTP Server Home page to monitor the performance of your Web server, or use the OC4J Home page to deploy a custom Web-based application. Drill down to the Component Home page from an Instance Home page.


OracleAS Farm Page


OracleAS Farm Page
If you have installed one or more components that require OracleAS Infrastructure, or you have OracleAS instances associated with a common configuration repository, then your start page for the Application Server Control is the OracleAS Farm page. The Farm page displays a list of the stand-alone OracleAS instances and OracleAS clusters that are associated with the configuration repository. The configuration repository can be file-based or in OracleAS Metadata Repository. The following are the advantages of using the Farm page:
• You can view, compare, and monitor multiple Oracle Application Server instances on multiple hosts.
• You can drill down to the OracleAS Instance Home page for each instance.
• You can create and manage Oracle Application Server clusters.


OracleAS Instance Home Page


OracleAS Instance Home Page
The slide shows the OracleAS Instance Home page that provides general information about the OracleAS instance. It has two charts: one shows the memory usage and the other shows the CPU usage. The components are listed in the form of a table. There are four pages: Home, J2EE Applications, Ports, and Infrastructure. The Home page is the first entry point. The Home page contains the following sections:
• General Section: This section contains the status of the OracleAS instance, the name of the machine that hosts this instance, the installation type, the Oracle Home location, and the Farm this instance is associated with.
• System Components: The System Components section contains a table that provides the status of the components of the OracleAS instance. This section shows only the components that are enabled in the OracleAS instance. Disabled components are not shown. Using the link in the Name column of the table, you can access the component Home page of the Application Server Control.


Starting, Stopping, and Restarting OracleAS Instances


Starting, Stopping, and Restarting OracleAS Instances
If you start an OracleAS instance using the OracleAS instance Home page, then all the enabled components are activated. If you start an instance when some components are already started, then the remaining components will also be started. Stopping an instance using the Instance Home page stops all running components. Restarting an instance using the Instance Home page stops any components that are running and starts all components. To start, stop, or restart all the components of OracleAS instance:
1. Navigate to the OracleAS Instance home page.
2. In the General region, click the appropriate button.
You can use the System Components table to review the status of each component and confirm whether the component is running or not.


Oracle Application Server Component Home Pages
Each Oracle Application Server component has its own Home page with the following elements:
• General information section:
  – Providing state information
  – Buttons for starting and stopping
• Status information:
  – Showing CPU and memory usage
• Component-specific information
• Links to administrative functions


Oracle Application Server Component Home Pages
Each of the Oracle Application Server components has its own home page in Application Server Control that has the following common elements:
• A general information section that includes an icon that indicates the current state of the application and provides buttons for starting and stopping the component
• Status information, including CPU and memory usage charts that you can use to get a snapshot of how the component is performing
• Component-specific information, such as a list of Virtual Hosts on the HTTP Server Home page or a list of deployed applications on the OC4J Home page
• Links to administrative functions where appropriate that you can use to modify the configuration of selected components. In most cases, this means that you can use a graphical user interface to modify complex configuration files.
The different component home pages are discussed in detail later when covering the components such as the Oracle HTTP Server or OC4J.


Starting, Stopping, and Restarting Components


Starting, Stopping, and Restarting Components
Each component of Oracle Application Server can be started, stopped, and restarted from either the System Components table on the OracleAS Instance Home page, or the home page of the component. Additionally, all components can be started, stopped, and restarted using the command-line instructions. The screenshot in the slide shows how to start a component from the OracleAS Instance Home page.
1. Display the OracleAS Instance Home page. Scroll down to the System Components table.
2. Select the component by selecting the check box to its left. Some components can be managed from their home pages. To access the home page, click the component instance name in the Name column.
3. Click the appropriate button at the top right of the System Components table to start, or to stop the component. If you are on the component home page, you can click the appropriate start, stop, or restart button.


Obtaining Common Metrics About Oracle Application Server


Obtaining Common Metrics About Oracle Application Server
The OracleAS Instance Home page also provides information on two important metrics in the Application Server metrics region:
• CPU Usage (%): The pie chart in the slide shows the percentage of the central processing unit (CPU) currently in use by the selected OracleAS instance or OracleAS component. The CPU usage for an OracleAS instance includes the total CPU usage of all the components of Oracle Application Server.
• Memory Usage (MB): The pie chart shows the usage of memory by OracleAS instance or OracleAS component. The memory usage of an OracleAS instance includes the total memory used by all the components.


Log Viewer


Log Viewer
The Application Server Control’s Log Viewer capabilities provide a unified view of logs from different components of Oracle Application Server. From a single HTML interface, you can quickly select one or more components from which you would like to see log files. All associated log files are then displayed for the selected component(s), and you can directly search the log as needed. Advanced search capabilities are also available that allow you to further restrict the list of log files to those that apply only to your current task or responsibility. For example, from an advanced search you can choose to display only those log files that affect a particular J2EE application.


Obtaining Information About the Host Computer


Obtaining Information About the Host Computer
Besides monitoring how your OracleAS software is running, you can also review the status of the host computer where OracleAS is installed. By reviewing the host statistics on a regular basis, you can troubleshoot existing performance problems, or prevent performance problems from happening in the future. To review the status of your Oracle Application Server host, perform the following steps:
1. Navigate to the OracleAS Instance Home page.
2. In the General region of the page, click the name of the host computer. Enterprise Manager displays the Host home page.
For more information, click Help at the top of the page.


OracleAS Host Home Page

Copyright © 2004, Oracle. All rights reserved.

The following are the main regions of the OracleAS Host home page:
• General: Contains general information about the host computer, including whether or not the system is up and running, the operating system, the disk capacity, and memory
• Load: Contains the CPU usage chart and a list of performance metrics you can use to determine the overall health of the system. When you click the value of a metric, Application Server Control displays the Metric page that reveals metric statistics and a time-based chart.
• Targets: Lists the OracleAS components (or targets) that are currently installed on this host. Click the name of the target to display the Enterprise Manager page for that component.
• Real-Time Metrics: Contains a set of links to help you analyze the current available disk space, number of users, and other real-time statistics that can affect the overall performance of your application server. Each page that contains real-time data can be refreshed to display the most recent data.
• Open Telnet Session: Click this button to open a telnet session on the host computer. After you log in, you can use the operating system command line to learn more about the status and performance of the host computer.

Enabling SSL for Application Server Control
You can SSL-enable Application Server Control for better security.
1. Stop Application Server Control
2. Secure Application Server Control
3. Start Application Server Control

You can secure the communications with the Application Server Control, and provide HTTPS browser access to Application Server Control. The command emctl secure em enables HTTPS and Public Key Infrastructure (PKI) components, including signed digital certificates, for communications between Application Server Control and the local Management Agent.

To configure security for Application Server Control:
• Stop Application Server Control using the command:
$ $ORACLE_HOME/bin/emctl stop iasconsole
• Secure the Application Server Control using the command:
$ $ORACLE_HOME/bin/emctl secure em
Enterprise Manager secures Application Server Control.
• Start Application Server Control using the command:
$ $ORACLE_HOME/bin/emctl start iasconsole

Test the security of Application Server Control by using HTTPS instead of HTTP in the URL to access the Application Server Control. For example:
https://edcdr6p1.us.oracle.com:1810/
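
The stop, secure, start sequence above as a script, added here as an illustration and not taken from the course material: it aborts at the first failed step and then checks that the console port completes a TLS handshake. The EMCTL override variable, the function names and the apply argument are assumptions of this example; the check needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not Oracle's code: enforce the documented order
# (stop, secure, start) and verify the result over TLS.

# EMCTL is an assumption of this example so the path can be overridden;
# the default is the location used on the page.
EMCTL="${EMCTL:-${ORACLE_HOME:-}/bin/emctl}"

# Run one emctl command; report and fail if it returns non-zero.
run_step() {
    if ! "$EMCTL" "$@"; then
        echo "emctl $* failed; aborting" >&2
        return 1
    fi
}

# Run the three steps in order. The && chain stops at the first failure,
# so a console that could not be secured is left stopped instead of being
# restarted over plain HTTP.
secure_console() {
    run_step stop iasconsole &&
    run_step secure em &&
    run_step start iasconsole
}

# Succeed only if host:port completes a TLS handshake.
# openssl s_client exits non-zero when the handshake fails, which is what
# happens when the port still answers in plain HTTP. Certificate trust is
# not evaluated here, only that TLS is spoken.
console_speaks_tls() {
    openssl s_client -connect "$1:$2" </dev/null >/dev/null 2>&1
}

# Entry point: ./secure_console.sh apply <host> <port>
if [ "${1:-}" = "apply" ]; then
    if secure_console && console_speaks_tls "$2" "$3"; then
        echo "Application Server Control answers over TLS on $2:$3"
    else
        echo "Application Server Control is NOT confirmed secure" >&2
        exit 1
    fi
fi
```

Run it as the operating system user that owns the Oracle home, for example with the host and port from the URL above.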

Oracle Process Management and Notification Server
• Oracle Process Manager and Notification Server (OPMN) is the centralized process management mechanism of Oracle Application Server.
• OPMN manages all Oracle Application Server component processes except the OracleAS Metadata Repository or the Application Server Control.
• OPMN consists of:
– Oracle Process Manager
– Oracle Notification Server
– PM Modules

Oracle Process Management and Notification (OPMN)

OPMN consists of three components that interpret and convey notification information that is sent between Oracle Application Server processes within the same or different OPMN servers.
• Oracle Process Manager (PM) is the centralized process management mechanism to manage Oracle Application Server processes. It starts, stops, restarts, and detects death of these processes. The Oracle Application Server processes that PM is configured to manage are specified in the opmn.xml file.
• Oracle Notification Server (ONS) is the transport mechanism for failure, recovery, startup, and other related notifications between components in Oracle Application Server.
• PM Modules implement the Oracle Application Server component-specific process management functionality. The PM Modules pass notification information returned by other OracleAS component PM Modules within the same or different OPMN servers.

The PM uses the ONS to:
• Detect that a process has completed initialization and is ready to receive requests
• Determine what ports are in use
• Obtain component-specific run-time information

The Application Server Control also uses PM to manage processes.

OPMNCTL Command
• opmnctl is the command-line interface of OPMN.
• Use Application Server Control or the opmnctl command-line utility to start or stop Oracle Application Server components.
• Some opmnctl command examples:

Purpose | Command
Status of all the managed processes | opmnctl status
Start the opmn process | opmnctl start
Start opmn and the managed processes | opmnctl startall
Stop opmn and the managed processes | opmnctl stopall
Start the Oracle HTTP Server | opmnctl startproc process-type=HTTP_Server

opmnctl is the command-line utility for OPMN. The opmnctl command is located in the ORACLE_HOME/opmn/bin directory. To get the status of the processes that are managed by OPMN, use the following command:
$ ./opmnctl status

The following table lists the processes that are running on ias-instance @ host:
bi01.edcdr6p1.us.oracle.com @ EDCDR6P1

ias-component      | process-type       | pid   | status
-------------------+--------------------+-------+---------
WebCache           | WebCacheAdmin      | 21407 | Alive
WebCache           | WebCache           | 21406 | Alive
OC4J               | OC4J_BI_Forms      | 21405 | Alive
OC4J               | OC4J_Portal        | 21404 | Alive
OC4J               | OC4J_Demos         | 21402 | Alive
OC4J               | home               | 21401 | Alive
dcm-daemon         | dcm-daemon         | 22358 | Alive
LogLoader          | logloaderd         | N/A   | Down
HTTP_Server        | HTTP_Server        | 2271  | Alive
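
A health check over the opmnctl status listing above, added as an example and not part of the course material: it reports every managed process whose status is not Alive, and any required process type that has no row at all. The function names, the output labels and the required-process arguments are assumptions of this example; the sample listing is the one shown on this page.

```shell
#!/bin/sh
# Added example, not Oracle's code: turn the opmnctl status table into a
# pass/fail check that a monitoring job can act on.

# Sample listing copied from this page (used by the demo at the bottom).
sample_status() {
    cat <<'EOF'
bi01.edcdr6p1.us.oracle.com @ EDCDR6P1
ias-component      | process-type       | pid   | status
-------------------+--------------------+-------+---------
WebCache           | WebCacheAdmin      | 21407 | Alive
WebCache           | WebCache           | 21406 | Alive
OC4J               | OC4J_BI_Forms      | 21405 | Alive
OC4J               | OC4J_Portal        | 21404 | Alive
OC4J               | OC4J_Demos         | 21402 | Alive
OC4J               | home               | 21401 | Alive
dcm-daemon         | dcm-daemon         | 22358 | Alive
LogLoader          | logloaderd         | N/A   | Down
HTTP_Server        | HTTP_Server        | 2271  | Alive
EOF
}

# opmn_health [required-process-type ...]
# Reads an opmnctl status listing on stdin.
# Prints "NOT-ALIVE component/process-type (status)" for each row whose
# status is not Alive, and "MISSING process-type" for each required
# process type that has no row. Exit status is 1 if anything was printed.
opmn_health() {
    awk -F'|' -v required="$*" '
        BEGIN { n = split(required, want, " ") }
        NF == 4 {                       # data rows have exactly 4 columns
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($1 == "ias-component") next     # column header row
            seen[$2] = 1
            if ($4 != "Alive") {
                print "NOT-ALIVE " $1 "/" $2 " (" $4 ")"
                bad = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "MISSING " want[i]; bad = 1 }
            exit bad + 0
        }
    '
}

# Live use: "$ORACLE_HOME/opmn/bin/opmnctl" status | opmn_health HTTP_Server
# Demo on the sample listing: ./opmn_health.sh demo
if [ "${1:-}" = "demo" ]; then
    sample_status | opmn_health HTTP_Server
fi
```

The instance line and the dashed separator contain no | characters, so they never match the four-column rule and are skipped without special handling.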

Typical Startup Sequence
Following is a typical order to start up all instances:
1. Start OracleAS Metadata Repository listener.
2. Start OracleAS Metadata Repository database.
3. Use opmnctl to start OracleAS Infrastructure instance.
4. Use emctl to start the Application Server Control of OracleAS Infrastructure instance.
5. Use opmnctl from each OracleAS middle tier instance to start the processes.
6. Use emctl from each OracleAS middle tier instance to start the Application Server Control.

Generally, each installation requires its own startup and shutdown sequences, based on the functionality implemented and its operational controls. However, it helps to remember some important interdependencies of the products. The OracleAS Infrastructure functions as a service provider for the middle tier installations, so it should be started before any middle tier that depends on OracleAS Infrastructure services such as Single Sign-On, Clustering, and so on. The slide describes a very typical startup sequence.

Typical Shutdown Sequence
Following is a typical order to shut down all instances:
1. Use emctl from each OracleAS middle tier instance to stop the Application Server Control.
2. Use opmnctl from each OracleAS middle tier instance to stop the processes.
3. Use emctl to stop the Application Server Control of OracleAS Infrastructure instance.
4. Use opmnctl to stop the OracleAS Infrastructure instance.
5. Stop OracleAS Metadata Repository database.
6. Stop OracleAS Metadata Repository listener.

The slide describes the sequence of shutting down the services and components of Oracle Application Server.

Distributed Configuration Management

Distributed Configuration Management (DCM)

Distributed Configuration Management is a management framework that enables you to manage the configurations of multiple Oracle Application Server instances. DCM enables you to:
• Manage clusters and farms of Oracle Application Server instances
• Manage the configuration of individual components, such as OHS instances, OC4J instances, OPMN, or Java Authentication and Authorization Service
• Perform cluster-wide OC4J application deployment
• Manage versions of configurations

The DCM is implemented as the DCM daemon and has two interfaces:
• The Application Server Control for browser clients
• The dcmctl utility for command-line operations

The DCM daemon is associated with two types of plug-ins:
• Clusterable: For OHS, OC4J, OPMN
• Non-clusterable: For other application server components

DCM and Metadata Repository
• The DCM repository contains the following:
– Topology information on Oracle Application Server instances, clusters, and farms
– Configuration files for OHS, OC4J, OPMN, and Java Authentication and Authorization Service
– Deployed J2EE applications
• DCM repository is stored in two ways:
– Database: In the OracleAS Metadata Repository as DCM schema
– File based: In file structure in the middle tier instance
• You can access either type of repository using the dcmctl utility.

Depending on the type of installation chosen for the Oracle Application Server instance, there are two types of DCM repositories.
• A Database repository comprising the DCM schema is kept in the OracleAS Metadata Repository.
• A File-based DCM repository is kept in a file structure in the ORACLE_HOME/dcm/repository directory.

When a middle-tier instance is registered with an OracleAS Metadata Repository, the database repository is used as the repository.

Using dcmctl
• dcmctl is the command-line utility to manually manage configuration of your instance.
• You can use dcmctl to implement scripted control of your instance.
• Some examples of dcmctl commands:

Purpose | Command
List instance components | dcmctl listComponents
Refresh configuration information from metadata repository | dcmctl resyncInstance
Refresh configuration information to the metadata repository | dcmctl updateConfig
Create OC4J instance (of name oc4j_test) | dcmctl createComponent -ct oc4j -co oc4j_test

The dcmctl utility is available in the Oracle Home/dcm/bin directory in each Oracle Application Server installation. Before you use the dcmctl utility, note the following:
• You must restart Oracle Application Server after you use dcmctl commands to manage clusters and farms.
• You must log in to the operating system with the username that was used to install Oracle Application Server in order to use dcmctl.
• The dcmctl commands operate on the instance in which the dcmctl executable is located. The value of the ORACLE_HOME environment variable does not determine the instance on which dcmctl operates. Ensure that you issue dcmctl commands in the Oracle home of the instance that you want to manage.
• The dcmctl commands and options are not case sensitive. Instance, component, and cluster names are case sensitive.

Using dcmctl in Batch Mode
• The dcmctl utility can be used to execute multiple commands in a batch mode:
dcmctl shell -f <script_file_name>
• The batch mode of the dcmctl utility can be used to perform the following non-interactively:
– Deploy applications and validate EAR files.
– Archive instance configuration and deployed applications.
– Restore instance to a specific configuration.
• Refer to the Oracle Application Server documentation set to get more information on how to use dcmctl in batch mode.

Using dcmctl Shell

You can execute dcmctl commands from within the dcmctl shell. Within the shell, it is not necessary to preface commands with dcmctl. To start the dcmctl shell, type:
dcmctl shell

Following is the content of a script to create an application server cluster, join an OracleAS instance to the cluster, create an OC4J instance in the cluster, deploy an application to the clustered instance, and stop the shell.
$ cat create_n_deploy.sh
createcluster -cl testcluster
joincluster -cl testcluster
start -cl testcluster
createcomponent -ct oc4j -co component1
start -co component1
deployapplication -f /stage/apps/app1.ear -a app1 -co component1
exit

To execute the script create_n_deploy.sh, you can use the following command:
dcmctl shell -f create_n_deploy.sh

Management Tasks: Tools
Application dcmctl Server Control Start / stop/ restart instance and components Start / stop/ restart Clusters Create OC4J instance Create / join clusters Deploy / undeploy / redeploy applications Enable / disable components Status (up/down) of instance and components Backup and restore configurations Configure installed (but unconfigured) components Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes opmnctl

Yes Yes

The slide summarizes the appropriate tools for the management tasks.

OracleAS Hi-Av Tool (iHAT)
• iHAT is a monitoring tool that provides a graphic snapshot of all processes managed by OPMN:
– Grid View: Status of all OracleAS Instances in a single window
– Instance View: Complete process topology view of Oracle Application Server
– Routing View: Monitor routing relationships between OHS and OC4J
• To invoke iHAT, use the command:
– java -jar ihat.zip <host>:<port>
• Full list of iHAT options can be obtained with:
– java -jar ihat.zip -h

OracleAS High Availability Tool (iHAT)

The Oracle Application Server high availability infrastructure is centered around the Oracle Process Management and Notification (OPMN). The OracleAS Hi-Av tool (iHAT) complements the services provided by the OPMN and provides a real-time view of the system. iHAT displays all processes managed by a set of OPMN servers, including useful performance metrics about each process. The snapshot of the system is updated continuously at a configurable interval.

The iHAT utility available in the labs is obtained from the Oracle Technology Network (http://otn.oracle.com/products/ias/ias_utilities.html), and is not a part of Oracle Application Server. The iHAT utility is for sample use and is provided “AS-IS”; Oracle disclaims all express and implied warranties, including the implied warranties of merchantability or fitness for a particular use. Oracle shall not be liable for any damages, including direct, indirect, incidental, special or consequential damages for loss of profits, revenue, data or data use, incurred by you or any third party in connection with the use of this utility.

Monitoring with iHAT

To enable iHAT to provide the snapshots, specify the Allow directive to permit the machine on which iHAT is running in the following locations:
• The /dms0 location in the httpd.conf file
• The /oc4j-service and /dmsoc4j locations in the mod_oc4j.conf file

To invoke iHAT, use the command:
java -jar ihat.zip <host>:<port>

The port that should be used to connect to the opmn server is the port specified in the request attribute of the port element in the $ORACLE_HOME/opmn/conf/opmn.xml file.

Summary
In this lesson, you should have learned how to:
• Start and stop Application Server Control
• Access OracleAS Component pages of the Application Server Control
• Start and stop an OracleAS instance or a component using:
– Application Server Control
– Oracle Process Monitoring and Notification interface (opmnctl)
• Use Distributed Configuration Management Control (dcmctl) utility to manage configuration information

Managing the Oracle Internet Directory

Objectives
After completing this lesson, you should be able to do the following:
• Explain Directory and LDAP concepts
• Describe Oracle Internet Directory (OID)
• Explain Oracle Internet Directory architecture
• Start and stop Oracle Internet Directory processes
• Identify various OID command-line tools
• Connect to and disconnect from the Directory by using Oracle Directory Manager

This lesson introduces you to the basic concepts of LDAP and the Oracle Internet Directory server. You will learn about the architecture and processes of the Oracle Internet Directory server. You will also learn to use different command-line tools and Oracle Directory Manager to manage Oracle Internet Directory data.

What Is a Directory?
A directory is:
• A special-purpose distributed database
• Entry oriented
• Used for storing and retrieving entries

Applications that use directory services include:
• E-mail address books
• Corporate white papers store
• Centralized applications for managing credentials and privileges
• Applications that configure and manage system resources

A directory is a special-purpose database that stores concise information, which can be searched easily. For daily activities, you use manual directories such as a phone book, a telephone directory, the yellow pages, and so on. Similarly, you can use an online directory on the Internet to store small amounts of data that need fast access. The data that is stored in the directory is mostly read or searched and is seldom modified. The data is stored in the directory in the form of entries. Entries include the data that is stored in the directory.

The applications that use online directories include the following:
• E-mail address book: Perhaps the most familiar directory application is the e-mail address book. Most e-mail systems provide a way for users to search for e-mail addresses by giving a username.
• Corporate white papers: Directory services can be used to deploy an online white papers directory service. The idea is to replace paper-bound corporate directories with an online service that is easily searchable and always up-to-date.
• A centralized application for managing credentials and privileges: Management of user credentials, preferences, and privileges represents yet another use for directories in the enterprise environment. Here directories can add value by providing system administrators with a central repository for managing user access to the various applications running in the enterprise.
• Applications that configure and manage system resources: Several system and networking hardware vendors are working together in an industry working group called Directory Enabled Networks (DEN), with the goal of defining standard data structures that will allow network administrators to configure all kinds of networking devices through a centralized directory service.

Lightweight Directory Access Protocol (LDAP)
• LDAP is a lightweight implementation of the Directory Access Protocol (DAP).
• LDAP features include:
– Standards-based protocol
– Distributed servers
– Scalability and extensibility
– Security
– Data consolidation
– Fast searches

LDAP was conceived as an Internet-ready, lightweight implementation of the Directory Access Protocol (DAP), which is based on International Standard Organization’s X.500 standard for directory services. The LDAP standard simplifies the management of directory information by providing all users and applications in the enterprise with a single, well-defined standard interface to an extensible directory service. This allows much easier and more rapid development and deployment of directory-enabled applications.

Benefits of LDAP
• Standards-based protocol: LDAP is an Internet Engineering Task Force (IETF) standard. IETF creates and evolves guidelines and syntaxes for information, security, and data storage models. LDAP provides standard APIs for C and Java. It also supports PERL, TCL, Python, PHP3, VB, and others.
• Distributed servers: LDAP directories can be distributed among several servers. The servers are replicated versions of the main LDAP server and are synchronized periodically. This also provides high availability.
• Scalability and extensibility: LDAP servers need to be highly scalable in order to hold exponentially increasing volumes of common data for a growing community of subscribing applications without being rewritten.
• Security: The LDAP protocol provides mechanisms for both authentication and confidentiality of data transmission.
• Data consolidation: An LDAP directory can be used as a single source of information. By using LDAP, you can reduce the amount of data by avoiding duplication.
• Fast searches: LDAP servers are well tuned for search performance. Because there are more reads than writes against the typical LDAP data, LDAP servers can provide indexes and caches to further improve performance.

LDAP Components
An LDAP directory is organized in the form of a simple hierarchical tree known as Directory Information Tree (DIT).

[Figure: Directory Information Tree, with attributes]

Data in an LDAP directory is stored in the form of entries. Each entry in an online directory is uniquely identified by a distinguished name (DN). The distinguished name tells you exactly where the entry resides in the directory hierarchy. This hierarchy is represented by a directory information tree (DIT). Each entry consists of one or more attributes. An entry is an instance of an object class.

The example above shows a directory information tree for a company named Acme. The tree has two branches. The left branch represents the Anne Smith who works in sales, in the US. The other branch represents the Anne Smith who works in server development, in the UK. Both branches share a common node, called root.
• The branch on the right proceeds downward as follows: beginning from the top node, called root, to o=acme, then to c=uk, then ou=Server Development, and, finally, to cn=Anne Smith.
• The left branch proceeds similarly: from the root node to o=acme, to c=us, to ou=Sales, and, finally, to cn=Anne Smith.

Details about entries and attributes follow.

Entries
In a directory, each collection of information about an object is called an entry. For example, a typical telephone directory includes entries for people, and a library card catalog contains entries for books. Each entry in an online directory is uniquely identified by a distinguished name (DN). You can compare an entry with a row in a table. Similarly, a DN can be compared with a primary key used to identify the row in the table. The distinguished name tells you exactly where the entry resides in the directory hierarchy. This hierarchy is represented by a directory information tree (DIT). Each component of the DN is called a relative distinguished name (RDN).

Attributes
Attributes are properties that define an entry. Each attribute has an attribute type and attribute value. For example, cn represents the common name attribute, c represents the country attribute, and dc represents the domain component attribute of the entry.

Object Class
An object class is a group of attributes that define the structure of an entry. When you define a directory entry, you assign one or more object classes to it. Some of the attributes in these object classes are mandatory, others are optional. All entries that are associated with the same object class share the same attributes.

Oracle Internet Directory (OID)
• Oracle Internet Directory is Oracle’s implementation of LDAP version 3 directory service.
• OID provides directory services to the Oracle database and the Oracle Application Server.
• OID can support millions of entries and thousands of concurrent client accesses on a single directory node.
• OID implements sophisticated security management with a robust security model for protecting data from unauthorized access by LDAP clients.

OID implements version 3 of LDAP. As Web applications and thin clients become more and more popular, you can use the OID server to store lightweight and rarely updated data. This data can be accessed by any LDAP-enabled application instantly and at a very high speed. OID is not a security product, but rather a technology for managing enterprise data (including security data such as usernames and passwords) for the Oracle10g product stack.

The OID server is highly scalable and can support a huge number of entries and concurrent users from a single node. Because OID is implemented on the Oracle10g database, it takes advantage of database scalability. OID can also take advantage of Oracle Real Application Clusters to make it more scalable and more highly available.

Oracle Internet Directory is a secure platform for managing directory information. It implements the following three levels of directory user authentication:
• Anonymous
• Password-based
• Certificate-based through secure sockets layer (SSL)

Security Benefits of OID
OID provides the following security benefits:
• Data integrity
• Data confidentiality
• Password protection
• Data access control

OID provides the following security benefits:

Security benefit | Description
Data integrity | OID uses SSL to ensure that data has not been modified, deleted, or replayed during transmission. SSL generates a cryptographically secure message digest, through cryptographic checksums, and includes it with each packet sent across the network.
Data confidentiality | OID ensures that data is protected against undesired disclosure during transmission by using encryption available with SSL.
Password protection | To protect passwords, OID uses the MD4 algorithm as the default. MD4 is a one-way hash function that produces a 128-bit hash, or message digest.
Data access control | OID supports access control down to the attribute level for read, write, or update of attributes.

OID Architecture Overview

[Figure: OID architecture diagram (label: Oracle Database)]

An OID server is implemented as an application running on the Oracle10g database. Clients communicate with OID using the LDAP protocol. OID server processes use Oracle Net Services to communicate with the database. Directory administration can be performed with Application Server Control and the Self-Service Console, Oracle Directory Manager, or command-line tools.

OID Server Instance Architecture

[Figure: OID server instance architecture. Labels: LDAP Clients, LDAP Requests, OID Listener/Dispatcher, LDAP Server Instance, Oracle Directory Server (three), Oracle Net, Oracle Net Listener/Dispatcher, Oracle Database]

The OID server instance architecture has the following components:
• OID Listener/Dispatcher: This process listens to LDAP requests from all LDAP clients at a designated port.
• Oracle directory server processes: The listener/dispatcher forwards the LDAP request to the Oracle directory server that, in turn, creates a server process. The number of server processes that are to be created is determined by the ORCLSERVERPROCS configuration parameter, the default value of which is 1. The processes are multithreaded; therefore, a thread is provided for each client request.
• Database connections: Each server process has a database connection. The connection is spawned as required, depending on the value of the ORCLMAXCC configuration parameter; the default value is 10. The server processes communicate with the data server through Oracle Net Services. Oracle Net Services passes the request to the Oracle10g database server through the Oracle Net Service listener/dispatcher.

OID Node Architecture Components

[Figure: OID node architecture. Labels: Oracle Directory Manager, LDAP, Oracle Directory Server Instance 1 (non-SSL, port 389), Oracle Directory Server Instance 2 (SSL enabled, port 636), OID Control Utility (oidctl), Oracle Directory Replication Server, OS, OID Monitor (oidmon), Oracle Net, Oracle Database]

Each OID node is a collection of processes that communicate with the client to execute requests for data. The node is monitored by the OIDMON process and controlled by the OIDCTL process. Each OID node consists of the following components:
• Oracle Directory Server Instance: Directory server instances listen for requests from the LDAP client, fetch information from the database, and return it to the client. Every directory server instance has one dispatcher process and one or more server processes. The dispatcher process receives the LDAP request from the LDAP client on a specific TCP/IP port. The dispatcher and the server processes are multithreaded. There can be more than one directory server instance on a node, listening on different ports.
• Oracle Directory Replication Server: The replication server ensures availability of data at all times. A copy of the data that resides on the primary OID, called “supplier,” is stored in another OID server called “consumer.” This task of copying is performed by the replication server on the supplier node. If the first server is down, then the clients can be forwarded to the consumer server that contains the same data as the first one. There can be only one replication server on a node. The replication server tracks and sends changes to the replication server in another Oracle Internet Directory server.
• Oracle Database: The database stores all the directory data of Oracle Internet Directory. It is recommended to use a separate and dedicated database for OID.
• OID Monitor Utility: This utility controls the OID server processes. It initiates, monitors, and terminates the processes. It also controls the replication server, if the replication server is installed on the node. When commands are issued through the OID Control utility (OIDCTL), they are interpreted and processed by the OID Monitor utility (OIDMON). OID Monitor restarts the server processes whenever they are stopped because of abnormal reasons. When it starts (or stops) the server, it adds (or deletes) an entry to (or from) the directory instance registry and updates data in a process table. All the activities of the OID Monitor utility are logged in the ORACLE_HOME/ldap/log/oidmon.log file.
• OID Control Utility: The server instance processes are started and stopped by this utility. The OID Control utility communicates with OID Monitor by placing message data in OID server tables, which also includes the configuration parameters to start the instance.

The communication between the Oracle database and OID Control utility, server instances, and OID Monitor utility takes place on Oracle Net Services. LDAP is used for the communication between the directory server instance, the Oracle Directory Manager, and the Oracle directory replication server. The server instances and the replication server connect to OID Monitor utility through the operating system (OS). The server instances and the replication server communicate through LDAP.


OID Server Processes
• You can connect to the OID server only if the OID server instance is running.
• To start the OID server, you must start the OID server processes in the following sequence:
  – Start the OID Monitor utility.
  – Start the server instances using the OID Control utility.
• You must stop the OID server by stopping the OID processes in the following sequence:
  – Stop the server instance using OID Control.
  – Stop OID Monitor.


OID Server Process
You can connect to an OID server only if the OID server instance is up and running. You can start an OID server instance by starting the following OID server processes in the given sequence:
• Start the OID Monitor process
• Start an OID server instance process using the OID Control utility

You can start more than one OID server instance to accommodate an increasing number of users accessing the directory server. The new instances must be started on different ports. To shut down the OID server, you must stop the OID server instance first, followed by the OID Monitor process.


Starting OID Monitor Process
• The OID Monitor process must be running to process commands to start and stop the OID server instance using OID Control utility.
• To start the OID Monitor:
  – Set the NLS_LANG to a UTF8 appropriate language
  – Set the TNS_CONNECT String

oidmon connect=OID1 sleep=20 start


Starting OID Monitor Process
You must start the OID Monitor process before starting any OID server instance. The OID Monitor process monitors all the OID server instances that are running and tries to recover them in case any of the server instances fail.

Syntax for Starting the OID Monitor Process
oidmon [connect=net_service_name] [sleep=seconds] start

Where:
• connect=net_service_name specifies the net service name of the database to which you want to connect, that is, the database where OracleAS Infrastructure is installed. This network service name is set in the tnsnames.ora file. This is an optional argument.
• sleep=seconds specifies the number of seconds after which the OID Monitor should check for new requests from OID Control and request to restart any servers that may have stopped. The default sleep time is 10 seconds. This argument is optional.
• start starts the OID Monitor process

Example
In the example, an OID Monitor process is started that connects to the database with the network service name of OID1 and checks for new OID Control requests every 20 seconds.

Starting Oracle Internet Directory Server Instance
• You can start an OID server instance only if the OID Monitor process is running.
• Use the OIDCTL utility to start the OID server instance.

oidctl connect=OID1 server=oidldapd instance=2 configset=3 flags='-p 3062 -debug 1024 -l' start


Starting OID Server Instance
You use the OIDCTL utility to start the OID server instance. You must ensure that the OID Monitor is already running.

Syntax for Starting the OID Server Process
oidctl connect="net_service_name" server=oidldapd instance=server_instance_number [configset=configset_number] [flags='-p port_number -debug debug_level -l change_logging -work maximum_number_of_worker_threads_per_server -server number_of_server_processes'] start

Where:
• connect=net_service_name points to the OracleAS Infrastructure database. If you already have a tnsnames.ora file configured, then this is the net service name specified in that file, located in ORACLE_HOME/network/admin.
• server=oidldapd is the type of server to start (valid values are OIDLDAPD and OIDREPLD). This is not case sensitive.
• instance=server_instance_number is the instance number of the server to start. You should specify a number between 1 and 1000.

• configset=configset_number is the configset number used to start the server. This defaults to configset0 if not set. This should be a number between 0 and 1000. The configuration parameters for each Oracle directory server instance are stored in a directory entry called a configuration set entry, or configset. Configuration set entries contain the server instance parameters, which are used by the OID Control utility to start the server instance. The default configuration set entry is configset0. You can create or modify a configuration set entry by using Oracle Directory Manager.
• -p port_number specifies a port number during server instance startup. The default port number is 389.
• -work maximum_number_of_worker_threads_per_server specifies the maximum number of worker threads for this server
• -debug debug_level specifies a debug level during Oracle directory server instance startup. For more information about debug levels, refer to Chapter 10 of Oracle Internet Directory Administrator's Guide Release 9.0.4.
• -l change_logging turns replication change logging on and off. To turn it off, specify a value of -l. To turn it on, specify one of the following:
  - omit the -l flag
  - enter simply -l
  - enter -l true
• -server number_of_server_processes specifies the number of server processes to start on this port
• start starts the server specified in the server argument

Example
oidctl connect=OID1 server=oidldapd instance=2 configset=3 flags='-p 4032 -debug 1024 -l' start

The example above starts a directory server instance whose net service name is OID1, using configset3, at port 4032, with a debug level of 1024, an instance number 2, and in which change logging is turned off.

Guidelines
• The server and instance arguments are mandatory. All other parameters are optional.
• All keyword/value pairs within the flags parameter must be separated by a single space.
• Single quotation marks are mandatory around the entire flags argument.
• If you choose to use a port other than the default port (389 for non-SSL-enabled usage or 636 for SSL-enabled usage), you should document which port to use to locate OID, because it will not represent a well-known port.


OID Log Files
All the activities of the OID server are logged in the $ORACLE_HOME/ldap/log/ directory, which includes the following types of logs:
• oidmon.log from OID Monitor
• oidldapd*.log from OID LDAP servers
• oidrepld*.log from OID replication servers
• *.log from bulk loads


OID Log Files
The activities on the OID server are logged in the $ORACLE_HOME/ldap/log directory.

A sample listing of oidmon.log:
2004/01/09:18:53:07 * NLS_LANG set to AMERICAN_AMERICA.WE8ISO8859P1
2004/01/09:18:53:07 * Resetting NLS_LANG to AMERICAN_AMERICA.UTF8
2004/01/09:18:53:07 * Connecting to database, connect string is infra
2004/01/09:18:53:07 * Starting OIDLDAPD Server, PID=12567
2004/01/09:18:53:07 * Updating Process Table...
2004/01/09:18:53:07 * OIDLDAPD Instance 1 added into registry
2004/01/09:18:53:59 * Starting ODISRV Server, PID=12667
2004/01/09:18:53:59 * Updating Process Table...
2004/01/09:18:53:59 * ODISRV Instance 1 added into registry

A sample listing of oidldapd01.log:
oidldapd: Release 9.0.4.0.0 - Production on Fri Jan 9 18:50:06 2004
…
2004/01/09:18:50:06 * Main:0 * Starting up the OiD Server, on node EDT3R21P1
2004/01/09:18:50:06 * Main:0 * Oid Server Connected to DB store via infra connect string.
2004/01/09:18:50:06 * Main:0 * OiD LDAP server started.
2004/01/09:18:50:07 * Main:0 * gslsbrdCreateReplicaDN:Unable to get domain name. Secondary URI not initialized.
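The oidmon.log layout shown above can be parsed to see which server instances OID Monitor started and when. The following shell functions are an added example, not part of the Oracle course material: they pair each "Starting ... Server" line with its registry line and list instances that were started more than once. The function names and the last three sample lines are constructed, and the example assumes that a restart by OID Monitor is logged with the same message as the initial start.

```shell
#!/bin/sh
# Constructed sample in the oidmon.log layout ("YYYY/MM/DD:HH:MM:SS * message").
# The first nine lines follow the listing in the course text; the last three
# are constructed here to represent a later start of the same instance.
sample_oidmon_log() {
cat <<'EOF'
2004/01/09:18:53:07 * NLS_LANG set to AMERICAN_AMERICA.WE8ISO8859P1
2004/01/09:18:53:07 * Resetting NLS_LANG to AMERICAN_AMERICA.UTF8
2004/01/09:18:53:07 * Connecting to database, connect string is infra
2004/01/09:18:53:07 * Starting OIDLDAPD Server, PID=12567
2004/01/09:18:53:07 * Updating Process Table...
2004/01/09:18:53:07 * OIDLDAPD Instance 1 added into registry
2004/01/09:18:53:59 * Starting ODISRV Server, PID=12667
2004/01/09:18:53:59 * Updating Process Table...
2004/01/09:18:53:59 * ODISRV Instance 1 added into registry
2004/01/09:21:14:32 * Starting OIDLDAPD Server, PID=13990
2004/01/09:21:14:32 * Updating Process Table...
2004/01/09:21:14:32 * OIDLDAPD Instance 1 added into registry
EOF
}

# oidmon_starts: read oidmon.log on stdin and print one line per server start:
#   <timestamp> <server> <instance> <pid>
# A "Starting X Server, PID=N" line is held until the next
# "X Instance I added into registry" line for the same server type.
oidmon_starts() {
    awk '
    $2 == "*" && $3 == "Starting" && $5 == "Server," {
        pid = $6
        sub(/^PID=/, "", pid)
        pend_ts[$4] = $1
        pend_pid[$4] = pid
        next
    }
    $2 == "*" && $4 == "Instance" && $6 == "added" && ($3 in pend_pid) {
        print pend_ts[$3], $3, $5, pend_pid[$3]
        delete pend_pid[$3]
        delete pend_ts[$3]
    }'
}

# oidmon_restarts: print "<server> <instance> <count>" for every instance
# that was started more than once in the log. Each hit is a candidate for an
# automatic restart after an abnormal stop and should be compared with the
# planned stop/start operations for that node.
oidmon_restarts() {
    oidmon_starts | awk '
    { n[$2 " " $3]++ }
    END { for (k in n) if (n[k] > 1) print k, n[k] }' | sort
}

# Run on the constructed sample when the script is executed directly.
sample_oidmon_log | oidmon_restarts
```

To use it on a real node, feed the file itself: `oidmon_restarts < $ORACLE_HOME/ldap/log/oidmon.log`.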


Stopping OID Server Instance
• Use the OIDCTL command to stop an OID server instance.
• You must ensure that the OID Monitor process is running before stopping the OID server instance.
oidctl connect=OID1 server=oidldapd instance=2 stop


Stopping OID Server Instance
You can use the OIDCTL command to stop a running instance of the OID server. You need to specify the number of the OID server instance that you want to stop. Before you stop the instance, you must ensure that the OID Monitor process is running.

Syntax for Stopping the OID Server Instance
oidctl connect=net_service_name server=oidldapd instance=server_instance_number stop

Where:
• connect=net_service_name is the net service name associated with the OID instances
• server=oidldapd is the type of server to stop (valid values are OIDLDAPD and OIDREPLD). This parameter value is not case-sensitive.
• instance=server_instance_number is the instance number of the server to stop. This should be the number of an existing, running instance of the type specified.
• stop stops the server specified in the server argument

Example
The example in the slide stops the instance 2 that is connected to database OID1.

Stopping OID Monitor Process
You can stop the OID Monitor process by using the OIDMON utility.

oidmon connect=OID1 stop


Stopping OID Monitor Process
Stop OID Monitor only if you are shutting down the LDAP service altogether, not if you are simply ending one or more directory server or replication server instances.

Syntax for Stopping OID Monitor Process
oidmon [connect=net_service_name] stop

Where:
• connect=net_service_name specifies the net service name of the database to which you are connected. This is the network service name that is set in the tnsnames.ora file.
• stop stops the OID Monitor process.

Example
The example in the slide stops the OID Monitor process that is connected to the database OID1.


OID Command-Line Tools
OID command-line tools can be classified as follows:
• Bulk tools
• LDAP command-line tools


OID Command-Line Tools
Oracle Internet Directory provides both a command-line interface and a graphical interface to work with the data in the directory server. The command-line interface consists of the following tools:
• Bulk tools: Bulk tools are used for creating and managing a large number of directory entries.
• LDAP command-line tools: LDAP command-line tools use arguments passed through standard I/O, or text files written in LDAP Data Interchange Format (LDIF), to modify directory objects.


Using Bulk Tools
You can use the following bulk tools to perform bulk data operations on the OID server:
• bulkload
• ldifwrite
• bulkmodify
• bulkdelete


Using Bulk Tools
Use the bulk tools to maintain a large number of directory entries. These entries commonly come from other applications or directories. To use bulk tools in a Windows environment, you must install UNIX shell utilities such as Cygnus, MKS, and so on. Bulk tools include the following:
• bulkload: Loads a large number of entries to the OID server using an LDIF file as input. These LDIF files may be generated or extracted from third-party applications using RFC 2849 (www.ietf.org/rfc/rfc2849.txt) as a guide.
• ldifwrite: Copies data from the OID directory information base into an LDIF file that can be read by any LDAP-compliant directory server. Use this LDIF file to transfer data between the directory servers. You can use ldifwrite in conjunction with bulkload. You can also use ldifwrite to back up information from all or parts of a directory.
• bulkmodify: Modifies a large number of existing entries efficiently. You can change attributes common to multiple entries simultaneously, including adding a new attribute value and replacing existing values across a set of entries you specify with a simple filter.
• bulkdelete: Deletes a subtree efficiently

Note: For details, refer to the “Introduction to LDAP and Oracle Internet Directory” eStudy.

Using LDAP Command-Line Tools
You can create and modify the data stored in the OID server using the following commands:
• ldapadd
• ldapaddmt
• ldapbind
• ldapcompare
• ldapdelete
• ldapmoddn
• ldapmodify
• ldapmodifymt
• ldapsearch

Using LDAP Command-Line Tools
You can manipulate the entries and the attributes in OID server by using Oracle Directory Manager or command-line tools. These commands operate on directory objects as specified on standard I/O, or by using a text file written in LDAP Data Interchange Format (LDIF) as input. The commands are as follows:
• ldapadd: Used to add one or more entries from standard I/O or LDIF file
• ldapaddmt: Used for adding entries concurrently using multiple threads
• ldapbind: Used to authenticate a user to the directory server
• ldapcompare: Used to find whether an entry contains a specific attribute value
• ldapdelete: Used to delete an entry
• ldapmoddn: Used to modify the DN and RDN of an entry, rename an entry or a subtree, or move an entry or subtree to a new parent
• ldapmodify: Used to create, update, and delete the data in an entry
• ldapmodifymt: Used to modify multiple entries at a time using multithreading
• ldapsearch: Used to search for an entry in the directory

Note: For details, refer to the eStudy titled “Introduction to LDAP and Oracle Internet Directory.”

Overview of Oracle Directory Manager
• Oracle Directory Manager (ODM) is a Java-based GUI tool to maintain and administer Oracle Internet Directory data.
• You can use ODM for the following tasks:
  – Search, view, and maintain object classes
  – Search and maintain an attribute
  – Create and drop an index on an attribute
  – Search, view, and maintain an entry
  – Control access to OID entries
  – Replication node management


Overview of Oracle Directory Management
OID provides both a GUI and a command-line interface to manage data stored in the server. Oracle Directory Manager (ODM) is a GUI interface in Java, used to manage object classes, attributes, and entries. You can connect to multiple OID servers simultaneously and manage them. ODM cannot be used for:
• Starting and stopping the directory monitor process
• Starting and stopping the directory server instances
• Starting and stopping the directory replication server instances

Starting ODM
To start the ODM tool, perform the following steps:
• On Windows platforms: From the Start menu, select Programs > Oracle-OID_Home > Integrated Management Tools > Oracle Directory Manager.
• On UNIX flavors: Change to the bin directory under the corresponding Oracle Home directory. Enter oidadmin at the system prompt.


Connecting to the OID Server
To connect to an OID server, you must specify:
• OID server host name
• OID server port


Connecting to the OID Server
When you start Oracle Directory Manager the first time, an alert appears which indicates that you must select a server and the port where the Oracle Directory Server instance is running and then connect to the Oracle Directory Manager. As shown in the slide, when you click OK, a dialog box is displayed to add a new server (host name or IP address) where the OID instance is running. The fields displayed in the dialog box are:
• Server: The server name (host name or IP address) where the OID instance is running
• Port: The port on which the instance is running. By default it is 389 or 4032. If the server is running on a different port, then enter that port number.


ODM Connect Dialog Box


ODM Connect Dialog Box
The Oracle Directory Manager Connect dialog box contains two tabs: Credentials and SSL. The fields in the dialog box are explained as follows:
• User: You can log in as a super user or an anonymous user the first time you log in. To log in as a super user, specify orcladmin as the username and welcome1 as the password. To log in as an anonymous user, leave the user and the password fields empty. If you have set up the user entries, you can log in in the following two ways:
  - Browse and select an entry by using the button to the right of the user field.
  - Enter the DN for the user’s entry, for example, cn=Jane,ou=st,ou=acme,c=us.
• Password: Enter the corresponding password for the user entered in the user field. For the orcladmin superuser, the password is the password that you had specified during the installation of OracleAS Infrastructure for ias_admin. For an anonymous user, leave this field blank.
• Server: From the drop-down list, select the name of the server where the OID server instance is running. Click the button to the right of the server field to see whether the OID instance is currently running on the server. Click the Add button to add a new server that is running an Oracle Internet Directory server instance.


• Port: The default port is 389 or 4032. The value of the port is set automatically when you select the server, because the port is configured with the server.
• SSL Enabled: Select this check box if you want the communication between the client and the server to be over the secure sockets layer (SSL). To connect with SSL, the server should listen to an SSL-enabled port, otherwise the request will not be authenticated. If you have selected the SSL Enabled check box, then you must enter data in the fields on the SSL tabbed page.

SSL Tabbed Page
You can connect to the OID server through a secure connection using SSL. In an SSL connection, the data is transmitted in an encrypted format between the client and the server. To connect through SSL, you must select the SSL Enabled check box on the Credentials tabbed page and enter information in the SSL tabbed page. The SSL tabbed page includes the following fields:
• SSL Location: This parameter specifies the location of the user’s wallet.
  - If the user’s wallet is on the local machine, then enter the wallet path and the file name.
  - If the wallet is on another machine, then link to that machine and specify the path and the wallet name.
• SSL Password: This parameter specifies the password to open the user’s wallet.
• SSL Authentication: This parameter specifies the type of the SSL authentication that the client and the server should use. Select one of the following authentication levels:
  - No SSL: If you select this option, then there is no need for the client and the server to authenticate each other. The data is only encrypted and no certificates are exchanged.
  - SSL Client and Server: If you select this option, then both the client and the server have to exchange certificates with each other. This is a two-way authentication.
  - SSL Server: If you select this option, then only the directory server authenticates itself to the client by sending a certificate.


Using ODM
You can use and navigate through ODM by using the following controls:
• Menu
• Toolbars
• Navigation pane


ODM Navigation Pane
The navigation pane is to the left of the double window interface, and has a tree-like structure.


ODM Navigation Pane
When you open Oracle Directory Manager for the first time, the navigation pane shows only one tree item, OID Servers. When you click the plus sign (+) that is next to the tree item, the tree expands and the subcomponents of that tree item are displayed. Tree items that have plus signs in front of them may have their own subtree items. The plus sign becomes a minus sign (–) when the entry is expanded. You expand and contract the tree by clicking the plus and minus signs. The right pane displays information related to the tree item that is selected in the left pane.


Disconnecting from the OID Server

Disconnect Tool Button


Disconnecting from the OID Server
To disconnect from a directory server, perform one of the following actions:
• Select Disconnect from the File menu.
• Disconnect from the toolbar.
• Right-click the OID server and select Disconnect.

When you exit Oracle Directory Manager, connections between all directory servers and the directory are automatically disconnected. When you restart Oracle Directory Manager, all previously connected server connections appear in the Directory Server Login window.


Summary
In this lesson, you should have learned how to:
• Explain Directory and LDAP concepts
• Describe Oracle Internet Directory (OID)
• Explain Oracle Internet Directory architecture
• Start and stop Oracle Internet Directory processes
• Identify various OID command-line tools
• Connect to and disconnect from the Directory by using Oracle Directory Manager


Managing and Configuring Oracle HTTP Server


Objectives
After completing this lesson, you should be able to do the following:
• Explain the Oracle HTTP Server processing model
• Describe the Oracle HTTP Server modules
• Configure and manage Oracle HTTP Server using Oracle Application Server to:
  – Specify the server and file locations
  – Control the number of processes and connections
  – Manage network connections
  – Configure and use server log files


Objectives
This chapter describes Oracle HTTP Server, highlighting the differences between the Oracle distribution and the open source Apache product. It also explains how to start the server, access the Oracle HTTP Server main page, and stop and restart the server.


Introduction to Oracle HTTP Server
Oracle HTTP Server (OHS) provides a robust, reliable Web server that is configured to:
• Provide a high availability infrastructure for process management, death detection, and failover with OracleAS Containers for J2EE (OC4J)
• Access Oracle components such as Forms, Reports, Discoverer, and Portal via the Web
• Access database stored procedures with a PL/SQL engine


Overview
The Oracle HTTP Server is based on Apache Web Server. OHS has additional modules that support OC4J and provide features such as the high availability infrastructure for process management, death detection, and failover.


Oracle HTTP Server Modules
The Oracle HTTP Server extends the standard Apache distribution.
Apache modules: mod_access, mod_alias, ..., mod_status, mod_vhost_alias
Oracle modules: mod_dms, mod_oprocmgr, mod_oc4j, mod_oradav, mod_ossl, mod_osso, mod_plsql


Oracle HTTP Server Modules
One of the strengths of Apache is its modular structure. Only a core set of features exist within the main Apache executable. Everything else is provided by modules. Modules (mods) are dynamic shared objects loaded into the HTTP Server that extend its functionality either by offering native services (for example, mod_access) or by dispatching requests to external processes (for example, mod_oc4j dispatching to OC4J JVMs). In addition to the compiled Apache mods provided by Oracle HTTP Server, several of the standard mods have been enhanced and Oracle-specific mods have been added. For more information about Apache modules, see the Apache Web site at http://www.apache.org/docs/mod/index.html.

The Oracle-specific modules are the following:
• mod_dms: Enables you to monitor performance of site components with Oracle’s Dynamic Monitoring Service
• mod_oc4j: Routes requests from the Oracle HTTP Server to Oracle Containers for J2EE (OC4J), providing the HTTP protocol for communication with the servlet engine. mod_oc4j is covered in detail later in this lesson.


• mod_oprocmgr: Provides process management and load balancing services to JServ processes. It is provided for legacy users of Apache JServ. Apache JServ is disabled by default in the Oracle HTTP Server configuration, and you should use OC4J and mod_oc4j (which are enabled by default). mod_oprocmgr starts, stops, and detects death of processes (starting new processes to replace them), and provides load balancing services to the JServ processes. mod_oprocmgr gets the topology management information via HTTP requests from JServ, and does its job based on this information.
• mod_oradav: Provides distributed authoring and versioning capability to the Oracle HTTP Server. mod_oradav is based on mod_dav, the Apache Group’s native implementation of the WebDAV specification. WebDAV is a protocol extension to HTTP 1.1 for managing Web content for multiple authors, enabling them to check out, edit, and check in files.
• mod_ossl: Enables strong cryptography for the HTTP Server
• mod_osso: Provides single sign-on for the HTTP Server. It examines incoming requests and determines whether the resource requested is protected, and if so, retrieves the HTTP Server cookie for the user.
• mod_plsql: Enables you to create Web applications using Oracle stored procedures by connecting the HTTP Server to the PL/SQL Gateway


HTTP Server Processing Model
The httpd.pid file contains the process ID for the parent process.
[Figure: a parent process with four child processes, each loading modules (mod_xx)]


The HTTP Server Processing Model
After Oracle HTTP Server is started, the system is ready to listen and respond to requests. The request processing model is different for Windows and UNIX. On Windows, the child processes are threads of a single child process.

On UNIX, when Oracle HTTP Server is started, a single control process launches several child processes that listen for and promptly respond to client requests. Each new process that is created in this way is a copy of the original Apache process. On UNIX, the process ID of the parent process is stored in the httpd.pid file that is located in the $ORACLE_HOME/Apache/Apache/logs directory by default. The main httpd parent process continues to run as the root user, but the child processes run as a less-privileged user. The User and Group directives are used to set the privileges for the child processes. The child processes must be able to read all the content that will be served.

On Windows, Oracle HTTP Server launches a single control process and single child process. The child process creates multiple threads that listen and respond to client requests.


Managing Processes and Connections
• On UNIX and Linux:
  – StartServers
  – MaxClients
  – MaxSpareServers / MinSpareServers
  – MaxRequestsPerChild
• On Windows NT:
  – ThreadsPerChild
• On all operating systems:
  – KeepAlive
  – KeepAliveTimeout
  – MaxKeepAliveRequests


Managing Processes and Connections
To control the number of processes on a UNIX or on a Linux system, use the following server-level directives from “Section 1: Global Environment” in your httpd.conf file:
• StartServers: Sets the number of child server processes created when the HTTP Server is started. The default value is 5.
• MaxClients: Limits the number of requests that are handled simultaneously. The default value is 150.
• MaxRequestsPerChild: Each child version handles this number of requests and then dies. If the value is 0, the process lasts until the machine is rebooted. The default value is 30.
• MaxSpareServers: No more than this number of child servers should be left running and unused. The default value is 10.
• MinSpareServers: At least this number of child servers should be kept running. The default value is 5. If fewer than this number exists, new ones are started at an increasing rate each second until the rate defined by MAX_SPAWN_RATE is reached (default: 32).


Controlling the Number of Processes and Connections
The OHS implementation on Windows is multithreaded. The server handles each request internally rather than generating another instance of the httpd program. The ThreadsPerChild directive limits the number of requests that are handled simultaneously.

The following directives can be applied to all operating systems:
• KeepAlive: The HTTP protocol is stateless, which means that each request and response pair between a Web browser and a server is independent. For example, if you visit a Web page that contains three embedded images, your browser makes four separate connections to that Web server; one for the page itself and one for each of the images in turn. KeepAlive provides a persistent connection between the browser and the server so that the same connection can handle multiple requests and response pairs. The result is a drop in latency, or the time consumed by establishing a connection. When using Oracle Application Server Clusters, set KeepAlive to off.
• KeepAliveTimeout: This sets the number of seconds the server waits for a subsequent request before closing the connection. After a request has been received, the timeout value specified by the TimeOut directive applies.
• MaxKeepAliveRequests: This limits the number of requests allowed per connection when KeepAlive is on. If it is set to 0, unlimited requests are allowed.
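One way to review an httpd.conf against the process, connection and User/Group directives described above is shown below as an added example; it is not Oracle's code. The function reads the effective server-level values and reports the settings the text calls out: children not set to a less-privileged user, unlimited keep-alive requests, children that are never replaced, and inconsistent process limits. The sample configuration, the finding codes and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed httpd.conf excerpt used as sample input (not a shipped default).
sample_httpd_conf() {
cat <<'EOF'
# Section 1: Global Environment
StartServers 5
MaxClients 150
MinSpareServers 20
MaxSpareServers 10
MaxRequestsPerChild 0
KeepAlive On
KeepAliveTimeout 15
MaxKeepAliveRequests 0
User root
Group dba
<VirtualHost 192.0.2.10>
    User nobody
</VirtualHost>
EOF
}

# audit_httpd_conf: read httpd.conf on stdin and print one "CODE: detail"
# line per finding. Only server-level directives are evaluated: lines inside
# container sections such as <VirtualHost> are skipped, while <IfModule> and
# <IfDefine> wrappers are treated as transparent.
audit_httpd_conf() {
    awk '
    BEGIN {
        # Defaults as stated in the course text above.
        v["startservers"] = 5;    v["maxclients"] = 150
        v["minspareservers"] = 5; v["maxspareservers"] = 10
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*<\// { if (tolower($1) !~ /^<\/if/ && depth > 0) depth--; next }
    /^[ \t]*</   { if (tolower($1) !~ /^<if/) depth++; next }
    depth > 0    { next }
    { v[tolower($1)] = $2 }      # the last occurrence of a directive wins
    END {
        if (v["user"] == "root" || v["user"] == "#0")
            print "USER_ROOT: child processes are not set to a less-privileged user"
        if (v["group"] == "root" || v["group"] == "#0")
            print "GROUP_ROOT: child processes are not set to a less-privileged group"
        if (tolower(v["keepalive"]) == "on" &&
            ("maxkeepaliverequests" in v) && v["maxkeepaliverequests"] + 0 == 0)
            print "KEEPALIVE_UNLIMITED: unlimited requests allowed per connection"
        if (("maxrequestsperchild" in v) && v["maxrequestsperchild"] + 0 == 0)
            print "NO_RECYCLE: child processes are never replaced"
        if (v["minspareservers"] + 0 > v["maxspareservers"] + 0)
            print "SPARE_RANGE: MinSpareServers exceeds MaxSpareServers"
        if (v["startservers"] + 0 > v["maxclients"] + 0)
            print "START_GT_MAX: StartServers exceeds MaxClients"
    }'
}

# Run the audit on the constructed sample when the script is executed directly.
sample_httpd_conf | audit_httpd_conf
```

The `User nobody` line inside the `<VirtualHost>` section of the sample does not hide the server-level `User root`, because only top-level directives are evaluated.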


Starting, Stopping, and Restarting OHS


Starting, Stopping, and Restarting the HTTP Server
Oracle Application Server components, such as Oracle HTTP Server, can be started using the Application Server Control. You can start Oracle HTTP Server from the following:
• System Components table region
• The Oracle HTTP Server Home page (as shown partly in the slide)

The Oracle HTTP Server Home page enables you to configure Oracle HTTP Server. You can modify directives, change log properties, specify a port for a listener, manage client requests, and edit server configuration files as explained in this lesson.


Starting and Stopping the HTTP Server Manually
• Oracle HTTP Server is managed by OPMN.
• To start and stop the OHS, run:
$> cd $ORACLE_HOME/opmn/bin
$> opmnctl startproc process-type=HTTP_Server
$> opmnctl stopproc process-type=HTTP_Server
• To obtain status information, run:
$> opmnctl status


Starting and Stopping the HTTP Server Manually
Oracle HTTP Server is managed by OPMN, which manages the Oracle Application Server processes. You can use opmnctl to start, stop, and restart Oracle HTTP Server. Change the directory to $ORACLE_HOME/opmn/bin before using the opmnctl commands.
• To start the Oracle HTTP Server process in the local instance:
$> ./opmnctl startproc process-type=HTTP_Server
• To stop the Oracle HTTP Server process:
$> ./opmnctl stopproc process-type=HTTP_Server
• To determine the state of the Oracle HTTP Server:
$> ./opmnctl status
• To restart Oracle HTTP Server:
$> ./opmnctl restartproc process-type=HTTP_Server


Directory Structure
Oracle Home
  Apache
    modplsql
    Jserv
    jsp
    fastcgi
    oradav
    ...
    Apache
      htdocs
      conf
      logs
      cgi-bin
      libexec
      ...


Directory Structure
The Oracle HTTP Server is installed in the $ORACLE_HOME/Apache directory, which also holds subdirectories for configuring modules. For example, the modplsql folder contains the subdirectories that are necessary to configure and run PL/SQL applications.
Apache
This is the base directory of the Apache server. It has the following subdirectories:
• htdocs: Contains the HTML scripts. The htdocs directory and its subdirectories are accessible to anyone on the Web and, therefore, pose a severe security risk if used for anything other than data that is available to the public.
• conf: Contains the configuration files
• logs: Contains the log data, for both accesses and errors
• cgi-bin: Contains the CGI scripts. These are programs or shell scripts that can be executed by Oracle HTTP Server on behalf of its clients.


Oracle HTTP Server Configuration Files
httpd.conf
  mod_oc4j.conf
  mime.types
  # jserv.conf
  oracle_apache.conf
    aqxml.conf
    moddav.conf
    plsql.conf
    ojsp.conf
    xml.conf


Oracle HTTP Server Configuration Files
The main configuration file is httpd.conf. The httpd.conf file includes the following:
• Reference to other configuration files such as oracle_apache.conf
• Directives to include the configuration files listed on the preceding slide
The following is a description of some of the configuration files:
• httpd.conf: The main configuration file. This contains directives and pointers to other configuration files such as:
  - mod_oc4j.conf: Configures and loads the mod_oc4j module. The mod_oc4j Oracle module routes requests from the HTTP server to Oracle Containers for J2EE (OC4J) and, therefore, contains routing information. This module is enabled by default.
  - mime.types: Controls the Internet media types that are sent to the client for the given file extensions. Sending the correct media type to the client is important so that the client knows how to handle the content of the file. You can add extra types in the mime type file or add an AddType directive in the configuration file. For more information about working with mime types, see the Web site at http://www.apache.org/docs/mod/mod_mime.html.

Oracle HTTP Server Configuration Files (continued)
  - jserv.conf: Loads the Apache JServ communication module. The module is not loaded by default.
• oracle_apache.conf: Included in the main configuration file to store configuration files of supported modules.
  - aqxml.conf: Enables and configures Advanced Queuing
  - moddav.conf: Configures and loads the mod_oradav module, to enable distributed authoring and versioning of Web documents
  - plsql.conf: Configures and loads the PL/SQL module. The file is located in the $ORACLE_HOME/Apache/modplsql/conf directory.
  - ojsp.conf: Configures Java Server Pages. The file is located in the $ORACLE_HOME/Apache/jsp/conf directory.
  - xml.conf: Associates the .xsql extension with the XSQL servlet. The file is located in the $ORACLE_HOME/xdk/admin directory.
The following example of the oracle_apache.conf file explains how configuration files are included and where to change the path information or the name.
# Advanced Queuing - AQ XML
include "/export/home0/ias20/rdbms/demo/aqxml.conf"
#
#Directives needed for OraDAV module
include "/export/home0/ias20/Apache/oradav/conf/moddav.conf"
include "/export/home0/ias20/Apache/modplsql/conf/plsql.conf"
include "/export/home0/ias20/Apache/jsp/conf/ojsp.conf"
#
include "/export/home0/ias20/xdk/admin/xml.conf"
#


Specifying File Locations
The following directives control the location of various server files and can be specified in the server configuration context:
• PidFile
• ScoreBoardFile
• CoreDumpDirectory
The following directives can be used in the server configuration and virtual host contexts:
• DocumentRoot
• ErrorLog


Specifying File Locations
• ServerRoot: This directive specifies the main directory where Apache stores its log files, configuration files, and HTML documents. Other directives, which are defined with a relative path, use the defined ServerRoot path as the default root to extend their relative paths. You should not change this directive.
• PidFile: Enables you to set and change the location of the PID file where the server records the process identification number. If the file name does not begin with a slash (/), then it is assumed to be relative to the ServerRoot directory.
• ScoreBoardFile: Required in some architectures to set a file that the server uses to communicate between the parent and child processes. To verify if your architecture requires a scoreboard file, run Oracle HTTP Server and see whether it creates the file named by the directive. If your architecture requires it, then you must ensure that this file is not used at the same time by more than one invocation of the server.


Specifying File Locations (continued)
• CoreDumpDirectory: Specifies the directory where the server stores core dumps. The default is the ServerRoot directory. This directive is applicable only to UNIX.
• DocumentRoot: Defines the directory from which Apache serves files. It can use any valid directory that is accessible to the server, even on another computer over network file system (NFS). The default setting in httpd.conf is htdocs, a directory relative to the server root directory. It is very common to change the setting of DocumentRoot to keep sensitive configuration information away from your public pages. You can specify either a relative path, which Apache looks up under the server root, or an explicit path that can be outside the server root.
• ErrorLog: Sets the name of the file where HTTP Server logs any errors that it encounters. The default is logs/error_log. The most common log files are the access log and error log. The name of the error log is either an explicit pathname starting with a slash (/), or relative to the server root directory (the default).


Oracle HTTP Server Home Page


Oracle HTTP Server Home Page
The Oracle HTTP Server Home page is the entry point in Application Server Control for managing and configuring Oracle HTTP Server. You can access the Oracle HTTP Server Home page from the OracleAS Instance Home page of the Application Server Control. Click the HTTP Server link in the components table of the OracleAS instance page and the Oracle HTTP Server Page is launched.
The Oracle HTTP Server page has three tabs: Home, Virtual Hosts, and Administration. The first interface to be invoked is the Home tabbed page. Accordingly, the Oracle HTTP Server Page is also referred to as the Oracle HTTP Server Home page.
You can get the overall status of the Oracle HTTP Server from the home page. You can also monitor the performance and drill down through the metrics using the links under the Performance section. You can also use the home page to stop, start, or restart Oracle HTTP Server.
You can use the Virtual Hosts tab to manage the virtual hosts that are configured with Oracle HTTP Server. You can use the Administration tab to configure Server Properties such as the document root, ports, and number of processes, and to edit configuration files.

Configuring the Oracle HTTP Server
• Directives are used to configure Oracle HTTP Server to meet your needs.
• Server-level configuration directives apply to the Oracle HTTP Server globally.
• Container directives create a limited scope for the directives that are defined within them.
• Per-directory configuration enables the server to act like a container with directory scope in the main configuration files. The default name for the per-directory configuration file is .htaccess.
• The configuration tiers are applied hierarchically.


Configuring the Oracle HTTP Server
The directives that belong to the main Apache core are defined in httpd.conf or in application-specific configuration files. The configuration is logically divided as follows:
• The server-level configuration directives include those that make sense only in a global context, such as StartServers, or those where you want a default setting that can be overridden by container or per-directory directives, such as ServerAdmin.
• Container directives are used to modify the server-level configuration directives for the area of effect of the container. The main purpose of a container is to allow the Oracle HTTP Server to include or ignore a given directive depending on whether it is applicable to the scope defined by the container.
• Per-directory configuration is optional. The default name for the per-directory configuration file is .htaccess. Configuration files are located in the directories under the DocumentRoot. Per-directory directives work like container directives. The AllowOverride directive lets you restrict the use of directives.
The configuration tiers are applied hierarchically; each directive overrides the directive in the tier above it.


Controlling Access to the Application Server
Server and server administrator options can be set based on the main server or a virtual host:
Listen
UseCanonicalName On
ServerName
Port


Setting Server and Administrator Functions
The following are the basic directives:
• Listen: This directive sets the server to use more than one IP address or port. By default, the server listens to requests on every IP address and the port number specified by the Port directive. If you specify a port, then OHS receives connections on that port for all installed network interfaces. To limit the scope to a specific address, use IP:port.
• UseCanonicalName: This directive indicates the host name and port to use when redirecting the URL to the same server. This forces the Oracle HTTP Server to use ServerName and Port from the server configuration instead of using the ServerName and Port combination through the HTTP 1.1 header.
  - on: This is the default setting. For this setting, the server uses the host name and port values set in ServerName and Port.
  - off: For this setting, the server uses the host name and port that the user specifies in the request.
• If you do not use virtual host containers, then ServerName refers to the server to which the Oracle HTTP Server responds. However, if you use name-based virtual hosting, then the browser must support HTTP 1.1. In this case, you must provide the ServerPath directive to support the HTTP 1.0 browser as well.

Setting Server and Administrator Functions (continued)
• ServerName: Defines the host name that the server uses when creating redirection URLs and for the SERVER_NAME variable. If you are using name-based virtual hosts, then the ServerName directive inside a <VirtualHost> section specifies what host name must appear in the request's header to match this virtual host when using HTTP 1.1. It is a common mistake to think that the server name is what Apache responds to, but it is the name used within responses. In fact, the Oracle HTTP Server responds to any connection request on any network interface and port number to which it is configured to listen.
• Port: You can specify only one active port directive in a single configuration. If there is no Listen directive, then the server accepts connections and redirects to the port specified in the port directive. However, if there is a Listen directive, then the port specified is used only for redirection. In such cases, the port refers to the IP and Port on the Load balancer or the Web Cache that acts as the front end for the OHS. Port numbers range from 0 through 65535. Generally on UNIX, all ports with port numbers lower than 1024 are reserved for system use and only the root can bind a service to those ports. To use port 80, you must start the server from the root account. After binding to the port and before accepting requests, Apache changes to a low-privileged user as set by the User directive. The Port directive is used to set the SERVER_PORT CGI environment variable for server side code to use in redirect requests. That is, it forms the Canonical Server name for redirect requests.
For further information about directives, refer to the Apache documentation at the Web site: http://httpd.apache.org/docs/mod/directives.html.


Modifying the Server Properties


Modifying the Server Properties
To modify Server Properties, do the following:
1. Click the Administration Tab of the Oracle HTTP Server Home page.
2. Click the Server Properties link. The Server Properties page is displayed.
3. You can change the Document Root field that refers to the directory from which the server will serve files. Enter a new path in the Document Root field to change the document root directory. Note that the document root directory is different from the server root directory that is used only to store the server files.
4. Enter the appropriate e-mail address in the Administrator E-mail field. The Oracle HTTP Server will use this e-mail address to issue notices and warnings.
5. The User and Group settings can be added or changed; both specify which privileges the child processes will run with when the Oracle HTTP Server is started by root.
6. Click Apply to accept the changes. If you do not click Apply, you lose your changes. If you make a mistake or want to undo any changes, click Revert. Oracle Application Server displays a confirmation page, which confirms that the appropriate configuration files have been updated.
7. Click Yes to restart the HTTP Server so that the changes will take effect. Click No to restart the server later.

Specifying Listener and Port


Specifying a Listener Port
The port specification tells the server where to listen for requests. By default, the server listens on all networks, but only on the one port you specify. To specify a listener port from the Oracle HTTP Server Administration Tab, perform the following steps:
1. Navigate to the Listening Addresses/Ports region of the Server Properties page.
2. Select the IP address and associated port number that you want to use for the listener, or create new port settings by clicking the Add New Address/Port button and making the appropriate changes. Click OK to return to the Server Properties page.
3. If applicable, select the IP address to be used as a self-referencing URL.
4. Scroll down to the end of the page and click Apply to accept the changes. If you do not click Apply, you will lose your changes. If you make a mistake or want to undo any changes, click Revert. Oracle Application Server displays a confirmation page, which confirms that the appropriate configuration files have been updated.
5. Click Yes to restart the Oracle HTTP Server so that the changes will take effect. Click No to restart the server later.
For more information about using ports, refer to the Oracle Application Server Administrator’s Guide and the Oracle HTTP Server Administration Guide.

Administrative Directives
To make sure that the Oracle HTTP Server runs with appropriate privileges, you must define the following directives in your server configuration or virtual host context:
• User
• Group
• ServerAdmin
• ServerTokens


Administrative Directives
• ServerAdmin: Creates an e-mail address that is included with every error message that clients encounter. It is useful to create a separate e-mail address for this purpose.
• ServerTokens: Controls the server information that is returned to clients, such as in error messages. This information includes a description of the generic OS type of the server and information about included modules. The example on the preceding slide shows the preferred setting for this directive, which is prod.
  - prod: For this setting (product only), the server provides server name only (Apache). You should prefer this setting over the default setting, which is full.
  - min: For this setting (“minimal”), the server provides the server name and version.
  - OS: For this setting, the server provides the server name, version, and operating system.
  - full: For this setting, the server provides the server name, version, operating system, and compiled modules.


Server Logs

Log directory: $ORACLE_HOME/Apache/Apache/logs
Directives: PidFile, TransferLog, CustomLog, SSLLog, ErrorLog
Logs: httpd.pid, access_log, ssl_engine_log, ssl_request_log, error_log


Configuring and Using Server Logs
Oracle HTTP Server log files consist of:
• httpd.pid: On startup, Apache saves the process ID of the parent httpd process in this file. This file name can be changed with the PidFile directive. The process ID is used by the administrator to restart and terminate the daemon on UNIX. If the process dies (or is killed) abnormally, you must also kill the child httpd processes.
• access_log: The server typically logs each request to a transfer file. The file name can be set using a TransferLog directive for the server configuration; different transfer logs can be set for different virtual hosts.
• error_log: The server logs error messages to a log file. The file name can be set using the ErrorLog directive for the server configuration; different error logs can be set for different virtual hosts. The ErrorLog directive sets the name of the file to which the server logs any errors that it encounters. For example, setting ErrorLog /dev/null effectively turns off error logging.


Configuring and Using Server Logs (continued)
• ssl_engine_log and ssl_request_log: These directives specify the location of their specific log files. These files are created when the Oracle HTTP Server is started in SSL mode and the SSLLog directive is enabled in the server configuration context or for a virtual host.
The TransferLog and SSLLog directives can be used in the context of the server configuration as well as for virtual hosts when you want to use different locations for each virtual host. PidFile can be used only once in the server configuration context, that is, in Section 1 or Section 2. An example of how to use these directives from httpd.conf is:
### Section 1: Global Environment
# PidFile: The file in which the server should record its
# process identification number when it starts.
#
PidFile logs/httpd.pid
### Section 2: 'Main' server configuration
# The directives in this section set up the values used by
# the 'main' server. TransferLog as well as SSLLog are not set per
# default in this section but could be set like this:
#TransferLog logs/access_log
#SSLLog logs/ssl_engine_log
### Section 3: Virtual Hosts
#
#<VirtualHost ip.address.of.host.some_domain.com>
#    ServerAdmin webmaster@host.some_domain.com
#    DocumentRoot /www/docs/host.some_domain.com
#    ServerName host.some_domain.com
#    ErrorLog logs/host.some_domain.com-error_log
#    TransferLog logs/host.some_domain.com-access_log
#</VirtualHost>


LogLevel Directive
The LogLevel directive applies to the context of the server configuration and virtual hosts.
• It controls the number of messages.
• It can be set to one of the following: Emerg, Alert, Crit, Error, Warn, Notice, Info, or Debug.
• Example from httpd.conf:
### Section 2: 'Main' server configuration
#
ErrorLog logs/error_log
LogLevel warn


Using the LogLevel Directive
The LogLevel directive adjusts the verbosity of the messages that are recorded in the error logs. The following levels are available, in the order of decreasing significance (level, description, example):
• Emerg: Emergency: System is unusable. Example: “Child cannot open lock file. Exiting”
• Alert: Action must be taken immediately. Example: “getpwuid: couldn’t determine user name from uid”
• Crit: Critical condition. Example: “socket: Failed to get a socket, exiting child”
• Error: Error condition. Example: “Premature end of script headers”
• Warn: Warning condition. Example: “child process 1234 did not exit, sending another SIGHUP”
• Notice: Normal but significant condition. Example: “httpd: caught SIGBUS, attempting to dump core in …”
• Info: Informational. Example: “Server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers)…”
• Debug: Debug-level message. Example: “Opening config file …”

Log Formats
The default format is the Common Log Format (CLF):
LogFormat "%h %l %u %t \"%r\" %>s %b" common

• %h: Remote host
• %l: Remote log name, if supplied
• %u: Remote user
• %t: Time in common log format
• %r: First line of request
• %s: Status
• %b: Bytes sent, excluding HTTP headers


Specifying Log Formats
The default format for TransferLog logs is the standard Common Log Format (CLF). You can use the LogFormat directive to set a different format. Alternatively, the log file can be customized (and if multiple log files are used, each can have a different format). Custom formats are set with LogFormat and CustomLog. LogFormat specifies the information included in the log file, and the manner in which it is written. The CLF format is host ident authuser date request status bytes, where:
• host is the client domain name or its IP number
• ident is the client identity information if IdentityCheck is enabled and the client machine runs identd
• authuser is the user ID for a password-protected site
• date is the date and time of the request in the day/month/year:hour:minute:second format
• request is the request line, in double quotation marks, from the client
• status is the three-digit status code returned to the client
• bytes is the number of bytes, excluding headers, returned to the client
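The CLF fields listed above map directly onto a parser. The following Python sketch is an added example, not part of the course material: it parses lines written with the common LogFormat and counts 401/403 responses per client host. The sample log lines, the threshold, and the names parse_clf and denied_by_host are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Regex equivalent of: LogFormat "%h %l %u %t \"%r\" %>s %b" common
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<authuser>\S+) '
    r'\[(?P<date>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2004:10:15:01 -0800] "GET /index.html HTTP/1.1" 200 2326
192.0.2.10 - - [12/Jan/2004:10:15:02 -0800] "GET /images/logo.gif HTTP/1.1" 304 -
198.51.100.7 - - [12/Jan/2004:10:16:40 -0800] "GET /server-status HTTP/1.0" 403 289
198.51.100.7 - - [12/Jan/2004:10:16:41 -0800] "GET /server-status?refresh=5 HTTP/1.0" 403 289
198.51.100.7 - scott [12/Jan/2004:10:16:45 -0800] "GET /private/ HTTP/1.0" 401 401
this line is truncated garbage
"""


def parse_clf(line):
    """Return a dict of CLF fields, or None if the line does not match the format."""
    m = CLF_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # "-" means the value was not supplied (no identd answer, no authentication).
    for key in ("ident", "authuser"):
        if rec[key] == "-":
            rec[key] = None
    rec["status"] = int(rec["status"])
    # %b logs "-" when no body bytes were sent (for example on a 304).
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    try:
        rec["date"] = datetime.strptime(rec["date"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # The request line is client-controlled, so split it defensively.
    parts = rec["request"].split()
    rec["method"] = parts[0] if parts else None
    rec["uri"] = parts[1] if len(parts) > 1 else None
    return rec


def denied_by_host(lines, threshold=3):
    """Return ({host: count} for hosts with >= threshold 401/403 responses,
    number of lines that could not be parsed)."""
    denied = Counter()
    malformed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_clf(line)
        if rec is None:
            malformed += 1
            continue
        if rec["status"] in (401, 403):
            denied[rec["host"]] += 1
    flagged = {host: n for host, n in denied.items() if n >= threshold}
    return flagged, malformed


if __name__ == "__main__":
    flagged, malformed = denied_by_host(SAMPLE_LOG.splitlines())
    print("hosts with repeated denials:", flagged)
    print("unparseable lines:", malformed)
```

Unparseable lines are counted rather than dropped silently, because a custom LogFormat or a corrupted file would otherwise hide requests from the report.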

Resetting Log Files
• The access.log file grows by 1 MB for each 10,000 requests.
• You can reset log files by moving the log file and then signaling Oracle HTTP Server to reopen the log files:
$> mv access_log access_log.old
$> kill -1 `cat httpd.pid`


Resetting Log Files
Sooner or later, you will want to reset your log files (access_log and error_log) because they have become too big or are full of information that you do not need anymore. The access.log file typically grows by 1 MB for each 10,000 requests. Many people attempt to replace the log file by moving it or removing it. This does not work. Apache continues writing to the log file at the same offset as before the log file was moved. This results in the creation of a new log file that is just as big as the old one but that now contains thousands (or millions) of null characters. You should move the log file and then signal Apache to reopen the log files. You signal Apache by using the SIGHUP (-1) signal. For example:
mv access_log access_log.old
kill -1 `cat httpd.pid`
Note: The httpd.pid file contains the process ID of the Apache httpd daemon. Apache saves this in the same directory as the log files. You can use this method to replace (and back up) your log files on a daily or weekly basis.


Changing Error Log Properties


Changing Error Log Properties
The error log file is an important source of information for maintaining a well-performing server. The error log records all of the information about problem situations so that the system administrator can diagnose and fix the problems.
Note: To provide access to this file, without providing access to the other configuration files, you may need to move the error log file to a directory that is accessible.
To customize your error log, perform the following steps:
1. Navigate to the Logging region of the Server Properties page.
2. In the Error Log Filename field, enter the full path and file name where you want the errors to be logged. A relative pathname is assumed to be relative to the Server Root directory.
3. Select the Error Logging Level from the list of values. The logging level indicates the severity of the error reported in the error log.
4. Set the IP Address Translation type. This setting tells the server how to handle DNS lookups.
5. Scroll down to the end of the page and click Apply to accept the changes.


Adding an Access Log File


Adding an Access Log File
The access log file contains a detailed list of accesses to the Oracle HTTP Server. It contains the remote host name, remote log name, remote user, time, request, response code, and bytes transferred. This information can be used to generate statistical reports about the server usage patterns. To add an access log file, perform the following steps:
1. Navigate to the Logging region of the Server Properties page.
2. In the Select Access Log region, select the client access log file that you want to relocate or choose the Add New File button. Scroll down to the Select Access Log region.
3. In the field provided, enter the full pathname and file name of the access log file that you want to create. For example, you can enter the following location:
/private2/ias/Apache/Apache/logs/access_log
Or enter the relative path and file name: logs/access_log. A relative path is assumed to be relative to the Server Root directory.
4. Set the log format; you can select to use an existing format or specify a new format by typing a new format name. For a full description of the available log formats, click Help.
5. Scroll down to the end of the page and click Apply to accept the changes.
6. Click Yes to restart the HTTP Server so that the changes will take effect.

Managing Client Requests and Connection Handling


Managing the Client Request and Connection Handling
The Oracle HTTP Server Home page allows you to specify how the child processes and connections should initialize resources during the processing phase of the server. The child processes and connection settings have an impact on the ability of the server to process requests. To maintain a well-performing server, you may need to modify these settings as the number of requests increases or decreases. To modify the settings, perform the following steps:
1. In the Server Properties, navigate to the Client Handling region.
2. Modify the child process and connections directives by changing the default values in the appropriate fields.
3. Scroll down to the end of the page and click Apply to accept the changes.
4. Restart the server to commit the changes.
For more information about setting the client request and connection handling parameters, refer to the Oracle HTTP Server Administration Guide.


Advanced Server Properties


Advanced Server Properties
The Oracle HTTP Server Advanced Properties page allows you to access the HTTP Server configuration files directly. These files are used to customize the features of your server. To access one of the HTTP Server configuration files directly, perform the following steps:
1. On the Oracle HTTP Server Home page, scroll down to the Administration region.
2. Click Advanced Server Properties. This takes you to the Configuration Files region of the Advanced Server Properties page.
3. Select the configuration file you want to edit. A text editor appears.
4. Make the appropriate changes and click Save Changes. When you are finished, click OK to return to the HTTP Server Home page.
5. Scroll down to the end of the page and click Apply to accept the changes. If you do not click Apply, you lose your changes. If you make a mistake or want to undo any changes, click Revert.
6. Navigate to the Oracle HTTP Server Home page and restart the server to commit the changes. You do not have to restart the server if the changes were reverted.
For more information about using the HTTP Server configuration files to customize your server settings, refer to the Oracle HTTP Server Administration Guide.

Editing Server Configuration Files


Editing Configuration Files
You can use the Application Server Control to perform minor configuration changes in the configuration files. The benefit of making these changes using the Application Server Control is that Enterprise Manager ensures that the OHS is stopped and restarted so that the configuration changes take effect immediately. Note that this interface does not have elaborate editing capabilities. It is advisable to take a backup of the original configuration files before editing them so that you can fall back to the operational configuration in case the revisions fail.


Getting the Server Status
• Change your httpd.conf file to allow access from specific IP addresses or machine name:
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 123.456.789.123
</Location>
• Set the directive to show extended status to on or off in Section 1 of httpd.conf:
ExtendedStatus On
• Restart Oracle HTTP Server.

Enabling Server Status
A server administrator uses the Status module to find out how well a server is performing. An HTML page is presented that gives the current server statistics in an easily readable form. To enable status reports only for browsers from the foo.com domain, add this code to your httpd.conf configuration file:
<Location /server-status>
    SetHandler server-status
    order deny,allow
    deny from all
    allow from .foo.com
</Location>
You can now access server statistics by using a Web browser to access the page http://<hostname>:[port]/server-status. You can get the status page to update itself automatically if you have a browser that supports the Refresh command. To refresh the page every N seconds, access the page http://<hostname>:[port]/server-status?refresh=N.
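The access restriction shown above, the ServerTokens preference from the Administrative Directives notes, and the ErrorLog /dev/null remark from the server log notes can all be checked mechanically. The following Python sketch is an added example, not Oracle's or Apache's own tooling: it reads httpd.conf text, tracks container scope, and reports those three conditions. Both sample configurations, their paths and addresses, and the names parse_conf and audit are constructed for illustration.

```python
import re

CONTAINER_OPEN = re.compile(r'^<(\w+)\s*([^>]*)>$')
CONTAINER_CLOSE = re.compile(r'^</\w+>$')

# Constructed sample: no ServerTokens, error logging disabled, open status page.
WEAK_CONF = """\
ServerRoot "/opt/oracle/Apache/Apache"
ErrorLog /dev/null
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>
<VirtualHost 192.0.2.20>
    ServerName www.example.com
    ErrorLog logs/www-error_log
</VirtualHost>
"""

# Constructed sample following the settings the course text recommends.
HARDENED_CONF = """\
ServerTokens Prod
ErrorLog logs/error_log
<Location /server-status>
    SetHandler server-status
    order deny,allow
    deny from all
    allow from .foo.com
</Location>
"""


def parse_conf(text):
    """Return [(context, directive, args)]; context is a tuple of the enclosing
    containers, for example ('Location /server-status',)."""
    stack, directives = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CONTAINER_CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = CONTAINER_OPEN.match(line)
        if m:
            stack.append(f"{m.group(1)} {m.group(2).strip()}".strip())
            continue
        parts = line.split(None, 1)
        args = " ".join(parts[1].split()) if len(parts) > 1 else ""
        # Directive names are case-insensitive, so normalise them.
        directives.append((tuple(stack), parts[0].lower(), args))
    return directives


def audit(text):
    """Return a list of findings for the three settings discussed in this lesson."""
    directives = parse_conf(text)
    findings = []

    # ServerTokens is a server-level directive; the last one seen wins.
    tokens = [a.lower() for ctx, name, a in directives
              if name == "servertokens" and not ctx]
    if not tokens:
        findings.append("ServerTokens is not set; the default (full) reports "
                        "version, OS and modules")
    elif tokens[-1] not in ("prod", "productonly"):
        findings.append(f"ServerTokens {tokens[-1]} reports more than the "
                        "product name; prefer prod")

    for ctx, name, a in directives:
        if name == "errorlog" and a.strip('"') == "/dev/null":
            where = " > ".join(ctx) or "main server"
            findings.append(f"ErrorLog /dev/null turns off error logging ({where})")

    # Every scope that installs the status handler needs "deny from all"
    # and must not re-open itself with "allow from all".
    status_ctxs = sorted({ctx for ctx, name, a in directives
                          if name == "sethandler" and a.lower() == "server-status"})
    for ctx in status_ctxs:
        rules = [(name, a.lower()) for c, name, a in directives if c == ctx]
        deny_all = ("deny", "from all") in rules
        allow_all = ("allow", "from all") in rules
        if not deny_all or allow_all:
            where = " > ".join(ctx) or "main server"
            findings.append(f"server-status handler is reachable by any client ({where})")
    return findings


if __name__ == "__main__":
    for finding in audit(WEAK_CONF):
        print("FINDING:", finding)
```

The check does not follow include directives, so files pulled in through oracle_apache.conf have to be passed to audit separately.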

Monitoring Oracle HTTP Server


Monitoring Oracle HTTP Server
All Oracle Application Server components automatically generate usage and performance statistics. These statistics are periodically polled and analyzed by the OracleAS Administration Service. In general, metrics focus on three factors: volumes, rates, and durations. An example of how this applies to the Oracle HTTP Server is monitoring Web server request activity. Aggregate Oracle HTTP Server request activity is monitored by the following metrics:
• Active Requests measures total current active requests.
• Request Throughput measures requests processed per second.
• Request Processing Time measures the average number of seconds required to process requests.
All monitoring is performed in real time using live data provided by the monitored component. The Oracle HTTP Server is monitored not only for request activity, but also for connections, errors and data throughput. The percentage of CPU and memory usage is also monitored in real time.


Summary
In this lesson, you should have learned how to:
• Explain the Oracle HTTP Server processing model
• Describe Oracle HTTP Server modules
• Configure and manage Oracle HTTP Server using Oracle Application Server to:
  – Specify the server and file locations
  – Limit the number of processes and connections
  – Manage the network connections
  – Configure and use server log files
  – Edit the server configuration files


Configuring Directives and Virtual Hosts


Objectives
After completing this lesson, you should be able to do the following:
• Describe the configuration directives and their scope
• Describe the process of merging containers and contents
• Configure directories, and enable directory indexes
• Set up virtual hosts
• Use configuration directives such as Options, Alias, and ScriptAlias


Objectives The Web master of an Oracle HTTP Server has more than 100 directives at his or her disposal for configuring the server, some of which were described in the lesson titled “Managing the Oracle HTTP Server.” Directives belonging to the main Apache core are defined in httpd.conf or in additional configuration files for specific modules—for example, plsql.conf is the configuration file for mod_plsql. This lesson focuses on the directives that are typically used in the main section of the httpd.conf configuration file. It also discusses container directives, and their scope and inheritance. This chapter describes how to configure Oracle HTTP Server, including how to use specific directives, where they can be placed in the configuration files, and how directives are applied hierarchically.


Configuration Contexts
[Figure: Configuration contexts. Server context (httpd.conf): <VirtualHost>, <Directory>, <Files>, and <Location>, with tiers numbered 1 to 5. Directory context (.htaccess): AuthConfig, Limits, Options, FileInfo, Indexes.]


Configuration Contexts
The configuration tiers are applied hierarchically, which means that each directive overrides the directive in the preceding tier, allowing progressive refinement of the Oracle HTTP Server behavior in increasingly more specific areas. The per-server context applies to the httpd.conf configuration file:
1. Directives outside any sections that are applied to the default or main server (depending on the particular directive) may be inherited by other sections.
2. Virtual host sections contain directives that are applied to a particular virtual server, and are distinguished by unique IP address–IP port pairs.
3. Directory sections contain directives that are applied to a particular directory (and its subdirectories), and are distinguished either by plain directory paths or regular expressions matching directory paths.
4. File sections contain directives that are applied to particular files, and are distinguished by either plain file names or regular expressions matching file names.
5. URL sections contain directives that are applied to a particular URL and its subareas, and are distinguished by either plain relative URLs or regular expressions matching relative URLs.

Configuration Contexts (continued)
The directory context applies to the local .htaccess configuration files. They are read by OHS as it discovers the file system structure. This context is also divided into five subcontexts that are enabled with the AllowOverride directive in the httpd.conf file. In the .htaccess file, there is no order of precedence and the directives are applied in the order they are defined:
• The AuthConfig context contains directives that control authorization (mod_auth).
• The Limit context contains directives that control access restrictions (mod_access).
• The Options context contains directives that control specific directory features (http_core).
• The FileInfo context contains directives that control document attributes (mod_mime).
• The Indexes context contains directives that control directory indexing (mod_index).


Container Directives
• Container directives have opening and closing tags that surround other directives.
• Every directive within a container's tag affects only what that container refers to.
• Any directive that does not appear within a container applies to the entire server.

<VirtualHost>
<Directory>, <DirectoryMatch>
<Location>, <LocationMatch>
<Files>, <FilesMatch>
<Limit>, <LimitExcept>


Container Directives
The container directives limit the scope of the directives they contain:
• VirtualHost allows one configuration to serve multiple sites from a single set of resources.
• Directory matches a physical location of the specified directory.
• Location matches a virtual path.
• Files matches specific file types.
• The DirectoryMatch, FilesMatch, and LocationMatch directives allow use of regular expressions in the matching string.
• Limit and LimitExcept restrict authentication or access restrictions to specific HTTP methods and are seldom used.


Block Directives
Block directives limit the scope of application of other directives within them.
<IfModule mod_userdir.c>
  UserDir public_html
</IfModule>


Block Directives
The block directives limit the application of other directives within them to operate on particular virtual hosts, directories, or files. Container and block directives come in pairs. In the example in the slide, the IfModule directive is a block directive that applies only to the mod_userdir.c module.


Merging Containers and Contents
The directives are merged in the following order:
1. Directives inside nonregular expression Directory containers and .htaccess directives are processed simultaneously, with the .htaccess directives overriding the directives of the Directory container.
2. DirectoryMatch containers are applied.
3. Directives from the Files and FilesMatch containers are merged.
4. The last ones to be applied are Location and LocationMatch.


How Oracle HTTP Server Combines Containers and Their Contents
Oracle HTTP Server has a defined order in which it merges directives together into one course of action, as listed in the slide. At each step, directories are searched for from the top down. The /home/www/oracle/index.html path causes Oracle HTTP Server to merge container directives and .htaccess files that apply to the following directories:

/
/home/
/home/www/
/home/www/oracle/

If containers have the same scope in the server configuration, they are merged in the order they are defined. Oracle HTTP Server resolves containers in VirtualHost definitions to take effect after the main server configuration, so that virtual hosts can override those container settings; this is true even if directory containers point to the same directory. <Directory> is processed moving from the shortest directory component to the longest.


Context Merging and Inheritance
• To match objects at the file-system level, use <Directory> or <Files>.
• To match URLs, use <Location>.
• <Location> containers are processed last, although the URL is what the user applies first.
• Using an <Options> directive inside a <Files> section has no effect.


Context Merging and Inheritance
Apart from <Directory> containers, each section group is processed in the order in which it appears in the configuration files. However, Apache processes the Directory sections from the shortest directory component to the longest. Note the following:
• You must use <Directory> or <Files> directives when you attempt to match objects at the file system level.
• You must use the <Location> directive when you attempt to match objects at the URL level.
• Although URLs come first (before file system paths) from the user's point of view, <Location> is processed last.
As already stated, the sections inside <VirtualHost> containers are applied after the corresponding sections outside the virtual host definition to allow the main server configuration to be overridden. Alternatively, modifying .htaccess parsing with the AllowOverride Options directives inside a <Location> container accomplishes nothing, because .htaccess parsing has already occurred. For more information about context merging and inheritance, see the Web site at: http://www.apacheref.com/book/adr_ch4.pdf

Where the Directives Can Be Specified
• The directives can be specified within:
  – Server-level configuration section
  – Virtual host container
  – Directory (including Location and Files) container
  – .htaccess file
• Limit or LimitExcept containers may not include other containers, but may include any other directive.


Where the Directives Can Be Specified Not all directives can be specified in each container. For example, the ServerName directive is allowed in the server configuration or a virtual host container, but nowhere else. Oracle HTTP Server does not start if you put it into a Directory container. An exception is the Limit directive. The <Limit> directive restricts the effect of access controls to the nominated HTTP methods, and only in this case the directive takes effect. So long as the Limit or LimitExcept directive is placed within a container that is acceptable to the directive, any directive is allowed inside a Limit or LimitExcept container.


Where the Directives Can Be Specified (continued)
In terms of refining the container scope, note that no container directive can be nested within a directive of the same type. Therefore, you cannot nest a Directory or Location directive to refine the scope of successive definitions. Instead, you can have Directory, Files, and Location containers defined separately but refer to the same areas of the file system. The Limit directive and the Files container are notable exceptions to the rule that containers cannot enclose another container. A Files container is allowed inside a Directory container, and, most importantly, VirtualHost containers allow all of the other container types.


<Directory> Directive

The <Directory> container holds a group of directives that apply to the named directory and subdirectories.

<Directory />
  Options none
  AllowOverride none
</Directory>
<Directory /home/www/*>
  AllowOverride all
</Directory>


The <Directory> Directive
The <Directory> container encloses directives that apply only to the named directory and subdirectories of that directory. Any directive that is allowed in a directory context may be used. <Directory> containers cannot be nested inside each other, but can refer to directories in the document root that are nested.
• <Directory /home/*/public_html> refers to the public_html subdirectory under any directory in /home.
• <Directory /> operates on the whole file system.
• <DirectoryMatch> should be used when specifying regular expressions, instead of using the tilde form of <Directory> with wildcards in the directory specification.
The following two examples have the same result, matching directories that start with web and end with a number from 1 through 9:

<Directory ~ "/web[1-9]/">
<DirectoryMatch "/web[1-9]/">


<Files> and <Location>
• <Files> matches files instead of directories:

<Directory /ias20/public/images>
  <Files *.gif>
    SetHandler /cgi-bin/process-image.cgi
  </Files>
</Directory>

• <Location> applies to a URL:

<Location /server-info>
  SetHandler server-info
</Location>


Container Directives: <Files> and <Location>
• The <Files file> and </Files> directives support access control by file name. They are comparable with the <Directory> and <Location> directives. The directives given within this section can be applied to any object with a base name (the last component of the file name) matching the specified file name. <Files> sections are processed in the order that they appear in the configuration file, after the <Directory> sections and .htaccess files are read, but before <Location> sections. Note that <Files> directives can be nested inside <Directory> sections to restrict the portion of the file system to which they apply.
• The <FilesMatch> directive provides access control by file name, just as the <Files> directive does. However, it accepts a regular expression. For example, <FilesMatch "\.(gif|jpe?g|png)$"> matches most common Internet graphics formats: .gif, .jpg, .jpeg, and .png.
• The <Location> directive limits the application of the directives within a block to those URLs specified, rather than to a physical file location such as the <Directory> directive. <Location> sections are processed in the order that they appear in the configuration file, after the <Directory> sections and .htaccess files are read, and after the <Files> sections. The <Location> directive accepts wildcard directories and regular expressions with the tilde character.

Container Directives: <Files> and <Location> (continued)
• <LocationMatch> works in an identical manner to <Location>, and you should use it for specifying regular expressions instead of the tilde form of Location with wildcards in the location specification. For example, <LocationMatch "/(extra|special)/data"> matches URLs that contain the /extra/data or /special/data substring.


<VirtualHost> Directive
Allows additional hosts and Web sites to be defined alongside the main server:
<VirtualHost www.host1.com>
  DocumentRoot /usr/virtual/htdocs/customers
  ServerName www.host1.com
  ErrorLog /usr/virtual/h1/logs/error_log
</VirtualHost>
<VirtualHost www.host2.com>
  DocumentRoot /usr/virtual/htdocs/internal
  ServerName www.host2.com
  ErrorLog /usr/virtual/h2/logs/error_log
</VirtualHost>

<VirtualHost> Directive The term virtual host refers to the practice of maintaining more than one server on one machine, as differentiated by their apparent host names. The Oracle HTTP Server supports both IP-based virtual hosts and name-based virtual hosts. The latter variant is sometimes also called host-based or non-IP virtual hosts. Each virtual host can have its own name, IP address, and error and access logs. Within a <VirtualHost> host container, you can set up a large number of individual servers run by a single invocation of the HTTP Server. With virtual hosting, you can specify a replacement set of the server-level configuration directives that define the main host and which are not allowed in any other container.


Defining Virtual Hosts
• IP-based and name-based virtual hosts are defined with the VirtualHost container directive.
• The VirtualHost container includes a set of alternative directives to the main server, such as:
  ServerAdmin
  ServerName
  DocumentRoot
  ErrorLog
  CustomLog
  Directory
  Location

Defining Virtual Hosts Oracle HTTP Server supports both IP- and name-based virtual hosts with the VirtualHost container directive. Early versions of HTTP (including many other protocols, such as FTP) required a different IP address for each virtual host on the server. On some platforms, this can limit the number of virtual hosts you can run. The VirtualHost directive is not limited to IP addresses but also accepts host names. However, note that this puts an extra burden on the server because it requires name server lookups and makes the Oracle HTTP Server vulnerable to domain name server (DNS) faking attacks. <VirtualHost> and </VirtualHost> are used to enclose a group of directives that apply only to a particular virtual host. Any directive that is allowed in a virtual host context can be used. When the server receives a request for a document on a particular virtual host, it uses the configuration directives that are enclosed in the <VirtualHost> section. These directives consist primarily of ServerAdmin, ServerName, DocumentRoot, ErrorLog, and CustomLog.


Defining Virtual Hosts (continued)
Note that if you do not define one of these directives (with the exception of ServerName) in your virtual host, the setting is inherited from the main server-level configuration. Note that ServerName in a virtual host has nothing to do with the name to which the virtual host responds; that is defined by the IP address or host name in the VirtualHost directive itself. Rather, ServerName gives the name of the host when creating redirection URLs; without it, the Oracle HTTP Server is forced to perform a DNS lookup of the virtual host's IP address to discover the name.


Using IP-Based Virtual Hosts
A virtual host can be IP-based:
<VirtualHost 130.35.174.159 205.134.38.199>
  ServerName www.oracle.com
  ServerAdmin Webmaster@oracle.com
  DocumentRoot /oras/oracle/www
  ErrorLog /oras/oracle/logs/error_log
  TransferLog /oras/oracle/logs/access_log
</VirtualHost>


Using IP-Based Virtual Hosts
You can configure more than one name or IP address on each host. This is one way to have a large machine act as many smaller machines, or to have one machine respond to the same name on different interfaces. For example, you may want a VirtualHost that is available to hosts on an internal (intranet) network as well as an external (Internet) network. This approach is also used in high-availability failover situations. The VirtualHost directive in the configuration file is used to set the values of the ServerAdmin, ServerName, DocumentRoot, ErrorLog, and TransferLog or CustomLog configuration directives to different values for each virtual host. It is recommended that you use an IP address instead of a host name (see the domain name server (DNS) lookup caveats described earlier). Almost any configuration directive can be put in the VirtualHost directive, except for those directives that are only allowed in the server configuration context, such as the following: ServerType, StartServers, MaxSpareServers, MinSpareServers, MaxRequestsPerChild, BindAddress, Listen, PidFile, TypesConfig, ServerRoot, NameVirtualHost.


Using Name-Based Virtual Hosts
A virtual host can be name based:
NameVirtualHost 205.134.38.199
<VirtualHost www.host1.com>
  DocumentRoot /usr/virtual/htdocs/customers
  ServerName www.host1.com
  ErrorLog /usr/virtual/h1/logs/error_log
</VirtualHost>
<VirtualHost www.host2.com>
  DocumentRoot /usr/virtual/htdocs/internal
  ServerName www.host2.com
  ErrorLog /usr/virtual/h2/logs/error_log
</VirtualHost>


Using Name-Based Virtual Hosts The notable difference between IP- and name-based virtual host configurations is the NameVirtualHost directive that specifies an IP address that should be used as a target for name-based virtual hosts. Note: When you specify an IP address in a NameVirtualHost directive, requests to that IP address are served only by matching <VirtualHost> directives. The main server is never served from the specified IP address. If you start to use virtual hosts, you should stop using the main server as an independent server and rather use it as a place for configuration directives that are common for all your virtual hosts. In other words, you should add a <VirtualHost> section for every server (host name) that you want to maintain on your server. For more information about virtual hosts, see the Web site at http://www.apache.org/docs/vhosts/.


Configuring Virtual Hosts


Configuring Virtual Hosts
To create an IP- or name-based virtual host container using the Application Server Control, perform the following steps:
1. Navigate to the Oracle HTTP Server Home page. Scroll down to the Virtual Host region.
2. Click the Create button. This opens the Virtual Host Wizard Welcome page. Click the Next button to proceed to the next window.
3. In the General window, you can specify the path for the document root directory, the email address for ServerAdmin, and the virtual host container type that you want to create. Enter information and click the Next button.
4. Now you define the server name and server aliases, as well as the IP address that your virtual host listens on. Click the Next button.
5. The next page allows you to select the port setting which should be applied to this virtual host. To proceed, click the Next button.
6. At this step you can specify the path to the error log and select the logging level. To get to the Summary page, click the Next button. To apply the configuration, review your settings and click the Create button. Enterprise Manager displays a confirmation page, which confirms that the appropriate configuration file has been updated.
7. To restart the HTTP Server and for the changes to take effect, click Yes.

Controlling Allowed Features
• Use Options to enable and disable features:
  Options ExecCGI FollowSymLinks
• Use AllowOverride to control overrides:
  AllowOverride FileInfo Indexes


Controlling Allowed Features
Options and AllowOverride are the key directives to control what features Oracle HTTP Server allows, and how many control files outside the server configuration are allowed:
• The Options directive gives far-reaching control over what users get and the way Apache regards the file system, with each parameter controlling a different aspect of Apache's handling of files. For example, with the ExecCGI option, the server recognizes files as CGI scripts in this container, whereas FollowSymLinks allows your server to follow symbolic links.
• The AllowOverride directive tells your Oracle HTTP Server which directives in a per-directory .htaccess file can override the server configuration, including the Options directive. This mechanism allows you to exert finer control over what is done in .htaccess files.


Options Parameters
• All
• ExecCGI
• FollowSymLinks
• SymLinksIfOwnerMatch
• Includes
• IncludesNOEXEC
• Indexes
• MultiViews
• None


Options Parameters
Following is a complete list of Options parameters:
• All: Enables all options by default, except for the MultiViews directive and those that are mutually exclusive, such as FollowSymLinks, SymLinksIfOwnerMatch, Includes, and IncludesNOEXEC. Typically a Web master changes this parameter to something more desirable.
• ExecCGI: Permits the execution of CGI scripts (or prohibits it if the parameter is not set). Except for those directories defined with ScriptAlias, ExecCGI must be defined for any executable content to function. ExecCGI is discussed in more detail later.
• FollowSymLinks: Enables Apache to follow symbolic links defined on the file system for files or directories. You need to have Read privileges for successful reference. This option has no effect inside Location containers.
• SymLinksIfOwnerMatch: Operates in an identical manner as FollowSymLinks but has higher priority. The option specifies that the server follows only those symbolic links for which the target file or directory is owned by the same user ID as the link.
• Includes: Controls the execution of server-side includes (SSI).
• IncludesNOEXEC: Permits server-side includes but disallows the execution of CGI scripts through #exec and #include commands.

Options Parameters (continued)
• Indexes: Specifies that if a URL is requested that maps to a directory, and there is no corresponding index file identified with the DirectoryIndex directive, a formatted listing of the directory contents is created and returned.
• MultiViews: Supports content-negotiated multiple views. This directive is not enabled with All. For more details about content negotiation, refer to the Apache documentation.
The options can be preceded by + or -, in which case they are added or removed. If there are multiple Options directives for the same directory, then they are merged together. Having specified Options directives for the same directory in a Directory container in the server configuration and an .htaccess file in the directory has the same result; the two directives are merged. If no options are set, and there is no <Limit> directive, then the effect is as if All has been set. Alternatively, a directory inherits options from the directories above it if it does not have an explicit Options directive set. Those inherited directives can be modified rather than simply overridden by using the + and - modifier prefixes; an .htaccess file in a subdirectory can modify the settings as well. Because Apache looks for inherited directives all the way up the directory tree, in terms of both scope and .htaccess files, a succession of modifiers can be applied. If you want to clear all inherited and incremental settings, specify an option without a prefix. This ensures that only Options directives in either a Directory container or an .htaccess file for that directory are changed.


Using Options
Example A
# Using Absolute Options
<Directory /web/docs>
  Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
  Options Includes
</Directory>

Example B
# Using Relative Options
<Directory /web/docs>
  Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
  Options +Includes -Indexes
</Directory>

Using Options
Normally, if multiple Options directives could apply to a directory, then the most specific one is used; the options are not merged. However, if all the options in the Options directive are preceded by a + or - symbol, then the options are merged. Any options that are preceded by + symbols are added to the options currently being used, and any options preceded by - symbols are removed from the options currently being used. For example, the configuration in Example A sets only the Includes option for the /web/docs/spec directory. However, in Example B the Options directive uses the + and - symbols:

<Directory /web/docs>
  Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
  Options +Includes -Indexes
</Directory>

In this case, the FollowSymLinks and Includes options are set for the /web/docs/spec directory.
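
The Options merge rule above, together with the shortest-to-longest processing of <Directory> sections described earlier, as an added Python example that is not part of the course material. The function names and the expansion of All to ExecCGI, FollowSymLinks, Includes, and Indexes are assumptions of this example, which models plain directory paths only (no wildcards, .htaccess files, or other containers).

```python
# Added example: models how Options directives in <Directory> sections combine.
# Assumption: plain directory paths only; the names below are illustrative.

CANONICAL = {n.lower(): n for n in (
    "All", "None", "ExecCGI", "FollowSymLinks", "SymLinksIfOwnerMatch",
    "Includes", "IncludesNOEXEC", "Indexes", "MultiViews")}

# Assumed expansion of All: everything except MultiViews and the mutually
# exclusive variants, following the Options Parameters notes.
ALL = frozenset({"ExecCGI", "FollowSymLinks", "Includes", "Indexes"})


def parse_options(args):
    """Return (is_absolute, enabled, removed) for one Options argument string."""
    absolute, added, removed = set(), set(), set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = CANONICAL.get(token[len(sign):].lower())
        if name is None:
            raise ValueError(f"unknown option: {token}")
        names = set(ALL) if name == "All" else set() if name == "None" else {name}
        {"+": added, "-": removed, "": absolute}[sign].update(names)
    # Any option without a +/- prefix makes the whole directive absolute.
    is_absolute = any(t[0] not in "+-" for t in args.split())
    return is_absolute, absolute | added, removed


def covers(directory, path):
    """True if path is the directory itself or lies below it."""
    base = directory.rstrip("/")
    return base == "" or path == base or path.startswith(base + "/")


def effective_options(sections, path):
    """sections: list of (directory, options_args) in configuration-file order."""
    # Notes: if no options are set, the effect is as if All had been set.
    current = set(ALL)
    applicable = [s for s in sections if covers(s[0], path)]
    # <Directory> is processed from the shortest directory component to the
    # longest; sorted() is stable, so equal depths keep definition order.
    applicable = sorted(
        applicable, key=lambda s: len([c for c in s[0].split("/") if c]))
    for _directory, args in applicable:
        is_absolute, enabled, removed = parse_options(args)
        if is_absolute:
            current = set()  # an unprefixed option discards inherited settings
        current |= enabled
        current -= removed
    return current


# Example A and Example B from the slide, as (directory, Options arguments).
EXAMPLE_A = [("/web/docs", "Indexes FollowSymLinks"),
             ("/web/docs/spec", "Includes")]
EXAMPLE_B = [("/web/docs", "Indexes FollowSymLinks"),
             ("/web/docs/spec", "+Includes -Indexes")]

if __name__ == "__main__":
    for label, sections in (("A", EXAMPLE_A), ("B", EXAMPLE_B)):
        print(label, sorted(effective_options(sections, "/web/docs/spec")))
```

Running it on a path covered by no section returns the All set, which is why a tree without an explicit Options directive still has indexing and CGI execution enabled in this model.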


Enabling Server-Side Includes (SSI)
An example of using Options to enable the execution of SSI:
<Location /ssidocs>
  Options +Includes
  AddHandler server-parsed .shtml
</Location>


Enabling Server-Side Includes (SSI)
Server-side includes (SSI) provide a simple mechanism for embedding dynamic information into an otherwise static HTML page. The most common and by far the most useful application of this is embedding other documents or the output of CGI scripts into a page. It is also possible to include the output of operating system commands, such as the current time or file sizes, or server-generated information, into a Web page. Although several SSI applications have been superseded by more modern facilities such as style sheets, and more recently, XML, SSI has the advantage of being supported by almost all Web servers and requires no intelligence or parsing on the part of the client. To enable SSI, you first have to specify either Includes or IncludesNOEXEC. IncludesNOEXEC is identical to Includes, except that all commands that cause script execution are not permitted. That is especially useful for virtual hosts, where users are not trusted to write their own scripts but are allowed to include static files. Because the Options directive works in container directives, you can use it to enable SSI in specific directories only. The AddHandler directive is used to tell Oracle HTTP Server what files to interpret as SSI documents.

Overriding Directives with the Per-Directory Configuration
• Oracle HTTP Server allows the server configuration to be supplemented with the following per-directory configuration files:
  – .htaccess file
  – AllowOverride All, AuthConfig, Limit, FileInfo, Indexes, Options, None
• Using directives outside of the standard configuration files may cause the configuration repository to be out of sync.


Controlling Overrides with AllowOverride
Oracle HTTP Server allows the server configuration to be supplemented with per-directory configuration files. By default, if there is a readable file called .htaccess in a directory inside your path, Oracle HTTP Server treats the directives in it as if they were in a Directory container for that directory. (The name is not necessarily .htaccess; you can change it with AccessFileName.) The AllowOverride directive is valid only in Directory containers. This directive specifies whether the directives that are retrieved from .htaccess are to be considered or not. The default setting is All, which means all .htaccess files are read and parsed. From each .htaccess file for the same directory level, the server merges the directives found in any Directory containers (excluding Directory containers using regular expressions). The order of merging directives together is that the directives in lower Directory containers and .htaccess files have precedence over those in higher ones. After checking all directories and merging the directives in them, the server processes other containers whose scope covers the URL, as discussed earlier in this lesson.


Controlling Overrides with AllowOverride (continued)
Only certain directives can be defined in a per-directory configuration file. With the AllowOverride directive, parts of the subset can be enabled or disabled. Following is a complete list of override options:
• All: Enables all overrides. This default setting causes security risks.
• AuthConfig: Allows the use of directives belonging to user authentication, such as AuthName, AuthType, AuthUserFile, and require.
• FileInfo: Allows the use of directives that control file types, such as AddType, DefaultType, and others.
• Indexes: Permits directives controlling directories. It is not the same as the Indexes option, because it enables or disables the overriding, not the appearance, of directory indexes. For example, to allow directory indexes but prevent configuration in .htaccess files, enable the option but disable the override.
• Limit: Allows the use of allow, deny, and order to control host access.
• Options: Enables the use of Options. It is a good approach to disable the overriding of Options to prevent .htaccess files from enabling the use of CGI scripts and SSIs in places where the server configuration denies them.
• None: Ensures that .htaccess files are ignored. To improve both security and, particularly, performance, you should consider using None for most Oracle HTTP Servers.
The process of inheritance for AllowOverride follows the same rules as for Options, and allows the inherited overrides to be modified with + and - in the same manner.


Directory Indexing
• Enable or disable directory indexing:
Options +Indexes

• Use DirectoryIndex to change the default file displayed:
DirectoryIndex index.html index.htm

• Specify a nonrelative URL as a last resource to prevent generating an index for the directory:
DirectoryIndex index.html /cgi-bin/error404.cgi

Directory Indexing
The Oracle HTTP Server can do one of the following when asked for a directory rather than a file:
• Return a default file in the directory
• Generate an HTML page of the contents of the directory
• Return an error stating that the file is not found
• Return an error stating that permission is denied
The Indexes option specifies whether to generate an HTML page with a directory listing. For example, Options +Indexes adds indexing to the list of active options. It is generally a good idea to disable indexing unless you need it, because it can be used by unwanted visitors to discover things about the Web site and the files in it, making other security weaknesses (such as backups of CGI scripts) easy to find.
In the example in the slide, the DirectoryIndex directive tells Oracle HTTP Server to append index.html to the end of any URL that resolves to a directory and return the resource of that name if it finds it. Using a nonrelative URL as the last option of DirectoryIndex prevents the creation of an index by ensuring that at least one resource in the DirectoryIndex directive will be found.

DirectoryIndex Directive

A nonrelative URL specified as a last resource prevents generating an index of the directory:
DirectoryIndex index.html /cgi-bin/error404.cgi


DirectoryIndex Directive
In the example in the slide, the DirectoryIndex directive tells the Oracle HTTP Server to append index.html to the end of any URL that resolves to a directory and return the resource of that name if it finds it. An index of the directory is generated instead, if none of the resources specified by DirectoryIndex are found, and if indexes are enabled. To prevent this, specify a nonrelative URL as the last option of DirectoryIndex. In the example, the error404.cgi script is run for any requested directory that contains neither index.html nor index.htm.


Controlling Directory Listings with IndexIgnore
Prevent files from appearing in the directory listing by using the IndexIgnore directive:
IndexIgnore .??* *~ *# *.bak HEADER* README*


Controlling Directory Listings with IndexIgnore
Often, you do not want users to see all files in a directory, for example HEADER and README files. Less obvious examples are backup files, subdirectories containing file revision archives, and dot files such as .htaccess, .cshrc, and .profile. The IndexIgnore directive allows you to prevent files from appearing in file listings. This directive is followed by a list of files or wildcards describing the files to ignore.
The directive explained on the slide ignores anything that looks like a backup file, a header, or a read-me file, and any file whose name starts with a dot and is three or more characters long. It still allows .., so that clients can navigate to the enclosing directory. Because the current directory is suppressed automatically in directory listings, and it is not possible to get mod_autoindex to display it, you do not need to specify it. Oracle HTTP Server merges together multiple IndexIgnore directives, both those in the same directory and those inherited from higher-level directories.
Note: If an IndexIgnore directive is specified in the server configuration, it cannot be overridden by an .htaccess file. A file that has been suppressed by IndexIgnore once is always ignored. There is no way to reinstate such a file.

Error and Response Handling
Error and response codes:
Category   Meaning
100+       Informational
200+       Client request successful
300+       Client request redirected, further action necessary
400+       Client request incomplete
500+       Server errors

The ErrorDocument directive:
ErrorDocument 404 "Sorry, document not found
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/fake404.cgi

Error and Response Handling
This page covers not error handling in general, but how to control Oracle HTTP Server behavior to determine what clients see when an error occurs. Before seeing how to handle errors, look at the kinds of responses Apache can generate. Errors are actually just one kind of response code defined by the HTTP protocol.
When the Oracle HTTP Server encounters a problem processing a client request, it logs the error in the error_log file and returns an error response to the client. By default, Apache generates a short HTML document containing the error code and the reason for it. You may prefer to have Apache respond in a way you choose, or possibly pretend that nothing has happened. You can customize the response of the server to errors using the ErrorDocument directive. In the event of a problem or error, you can use ErrorDocument to do one of the following things:
• Output a simple hard-coded error message, as in the first example.
• Output a customized message, as in the second example.
• Run a CGI script, as in the last example.


Error and Response Handling (continued)
ErrorDocument takes two parameters: the error code to handle, and the action to take, which can be either a customized error message or a URL. Note that the first example in the slide does not include a terminating double quotation mark; if you put one there, it would actually appear in the message. The last example shows how to deal with a 500 - Internal Server Error error, which is always an embarrassing thing to appear on a user's screen. You can use a CGI script to turn this error into a Not Found Error message identical to the one the Oracle HTTP Server would ordinarily generate.


Expires Header

Expires headers are used to control the caching behavior for Web content.
• To enable the sending of Expires headers:
ExpiresActive on

• To set a default expiration time:
ExpiresDefault A2419200
ExpiresDefault M86400
ExpiresDefault "access plus 1 month"

• To set expiration times by media type:
ExpiresByType image/gif A2419200

Expires Header
The mod_expires module controls the Expires header. Proxies and client-browser caches decide whether a document is current based on the Expires header of the document. The value of the Expires header is a date beyond which the document is considered out-of-date. With the ExpiresActive directive, you switch the sending of the Expires header on or off. The ExpiresDefault directive defines a default expiry time for all files on the server.
For files that change very rarely, such as archived documents, a setting such as the first example in the slide may be useful because Oracle HTTP Server would send an Expires header so that documents expire 2419200 seconds (28 days) after the file was accessed by the client. The second example tells Oracle HTTP Server to send an Expires header so that documents expire 86400 seconds (one day) after the date they were last modified, which is useful for pages that are updated daily. However, there are two important caveats:
• If the page's modification date is ever more than one day in the past, then the page will never be cached because the document will be deemed to have already expired.
• An Expires header will not be set if the source of the document is not a file on disk, as there is no modification time on which to base it.

Expires Header (continued)
The ExpiresByType directive enables you to differentiate expiry criteria, with one expiry time for HTML documents, a second for GIF images, and so on. Both ExpiresDefault and ExpiresByType also understand an alternative verbose format for expiry times that is more human readable. For more information about mod_expires, see the Web site at http://httpd.apache.org/docs/mod/mod_expires.html.


Alias, AliasMatch, and ScriptAlias

Aliases allow access to resources from a location other than the DocumentRoot directory:
• Use Alias to store documents elsewhere:
Alias /soapdocs/ /ias/soap/

• AliasMatch allows you to use regular expressions:
AliasMatch /images/(.*)\.gif$ /ias/images/$1.gif

• Use ScriptAlias to store scripts elsewhere and mark them as CGI scripts:
ScriptAlias /cgi-bin/ /ias/Apache/Apache/cgi-bin/

Alias, AliasMatch, and ScriptAlias
Aliases allow documents to be stored somewhere in the file system other than in the DocumentRoot directory. The URL is translated into a different location on the disk without the client being aware of it. The Alias example used in the slide substitutes the part of the URL that starts with /soapdocs/ with /ias/soap/ before retrieving the requested file. Some limitations of the Alias directive are that it cannot, for example, alias part of a URL that does not start at DocumentRoot, nor can it alias URLs based on the file extension.
The AliasMatch directive enables you to replace the URL prefix of Alias with a regular expression. The example ensures that any reference to an images directory in a URL is redirected to the desired real images directory.
The ScriptAlias directive controls which directories contain server scripts. ScriptAlias is essentially the same as Alias, except that documents in this directory are treated as applications and run by the server when requested, rather than treated as documents and sent to the client. ScriptAlias is also the only means of enabling CGI script execution without specifying the ExecCGI option. It is, therefore, a popular choice for servers with user accounts and a policy of not allowing user-written CGI scripts.

Summary
In this lesson, you should have learned how to:
• Use the configuration directives and their scope
• Configure directories, and enable directory indexes
• Set up virtual hosts
• Use configuration directives such as Options, Alias, and ScriptAlias


Configuring mod_rewrite


Objectives
After completing this lesson, you should be able to do the following:
• Use regular expressions for pattern matching
• Enable mod_rewrite
• Configure mod_rewrite for business operations


Regular Expressions
Regular expressions are used to operate on strings and can be used for:
• Pattern matching
• Modifying a string
• Extracting a substring

Regular Expressions
There are several directives, such as DirectoryMatch and LocationMatch, that allow the use of regular expressions for pattern matching. The mod_rewrite module allows regular expressions in the RewriteRule directive. Regular expressions are essentially a tiny, highly specialized programming language embedded in Oracle HTTP Server.
The main purpose of a regular expression engine is to take a search pattern and see if a string that matches the pattern occurs in its input. If it does, the match succeeds; if it does not, the match fails. Using this language, you specify the rules for the set of possible strings that you want to match; this set might contain English sentences, or e-mail addresses, or anything you like. You can then ask questions such as “Does this string match the pattern?” or “Is there a match for the pattern anywhere in this string?” A second purpose is to use regular expressions to modify a string, or to split it in various ways.


Matching Characters
Meta characters to be used with regular expressions are:
• . (dot) matches any character
• [] specify a class (set of characters)
Examples:
• [a-z] matches any lowercase letter
• [a-zA-Z0-9] matches any letter or any digit
• [abc$] matches "a", "b", "c", or "$"
• [^0-9] matches anything except a digit
Meta characters are not active inside classes.

Matching Characters
Because regular expressions are used to operate on strings, you can start with the most common task: matching characters. Most letters and characters will simply match themselves. For example, the regular expression test will match the string “test” exactly. Thus, to search for test in a file, enter test as the search pattern. The power of regular expressions comes from meta characters, which are characters that specify an action. For instance:
• The . character matches any character, so test. will match test1, testa and testb.
• The brackets [] will match any one of a list of characters. If the brackets contain a simple list of characters, it will match any of those. If it contains two characters separated by a -, it will match any in the range between the two (for example, [1-3] will match 1, 2 and 3). The order of characters is insignificant. A ^ (caret) after the [ (bracket) means match any character but those specified by the brackets.
Note: Meta characters are not active inside classes. For example, [abc$] will match any of the characters “a”, “b”, “c”, or “$”; “$” is usually a meta character, but inside a character class it is stripped of its special nature.


Rules for Regular Expressions
The following rules apply to regular expressions:
• Regular expressions are case sensitive; “hello” does not match “Hello.”
• Each character inside the search pattern is significant, including whitespace characters (space, tab, new line).
• Alternating text can be enclosed in parentheses and alternatives separated with a pipe (|) character. For example, (on|ue|rida) matches "Monday", "Tuesday", or "Friday."

Rules for Regular Expressions
The very simplest pattern matched by a regular expression is a literal character or a sequence of literal characters. Anything in the target text that consists of exactly those characters in exactly the order listed will match. A lower case character is not identical with its upper case version, and vice versa. A space in a regular expression matches a literal space in the target.
Using character class, you can indicate that at least one member (character or expression) of the class occurs in the specified spot. But what if you want to specify that either of two whole subexpressions occur in a position in the regular expression? For that, you use the alternation operator, the pipe character (|). This is the symbol that is also used to indicate a pipe in UNIX/DOS shells, and is sometimes called the pipe character. The pipe character in a regular expression indicates an alternation between everything in the group that encloses it. That is, even if there are several groups on either side of a pipe character, the alternation matches everything on both sides. To select the scope of the alternation, you must define a group with () that encompasses the patterns that may match. The example illustrates this.


The Metacharacters ^ and $
There are two special characters that can be used to search for lines starting or stopping with the matching string:
• ^ matches the start of a line
• $ matches the end of a line
Examples:
• ^apache matches any line which starts with apache
• apache$ matches any line that ends with apache
• ^apache$ matches any line which consists of just the word apache

The Metacharacters ^ and $
Two special characters are used in almost all regular expression tools to mark the beginning and end of a line: caret (^) and dollar sign ($). To match a caret or dollar sign as a literal character, you must escape it, which will be explained later in this lesson. An interesting aspect about the caret and dollar sign is that they match zero-width patterns. That is, the length of the string matched by a caret or dollar sign by itself is zero (but the rest of the regular expression can still depend on the zero-width match). Many regular expression tools provide another zero-width pattern for word-boundary (\b). Words might be divided by white space such as spaces, tabs, new lines, or other characters such as nulls; the word-boundary pattern matches the actual point where a word starts or ends, not the particular white space characters.


Quantifiers for Characters
Regular expressions also allow multipliers that modify the behavior of the previous matching character:
• ? matches zero or one instance of the character.
• + matches one or more instances of the character.
• * matches zero or more instances of the character.
Examples:
• test? matches tes and test.
• test+ matches test, testt, testtt, and so on.
• test* matches tes, test, testt, testtt, and so on.

Quantifiers for Characters
Matching varying sets of characters is the first task of a regular expression. The metacharacter for repeating characters is “*”. “*” does not match the literal character “*”; instead, it specifies that the previous character can be matched zero or more times, instead of exactly once. For example, ca*t will match “ct” (0 “a” characters), “cat” (1 “a”), “caaat” (3 “a” characters).
Repetitions such as * are greedy; when repeating a regular expression, the matching engine will try to repeat it as many times as possible. Probably the easiest mistake to make in composing regular expressions is to match too much. When you use a quantifier, you want it to match everything (of the right sort) up to the point where you want to finish your match. But when using the “*”, “+” or numeric quantifiers, it is easy to forget that the last bit you are looking for might occur later in a line than the one you are interested in.
Another repeating metacharacter is +, which matches one or more times. Pay careful attention to the difference between * and +; * matches zero or more times, so whatever is being repeated may not be present at all, while + requires at least one occurrence. To use a similar example, ca+t will match “cat” (1 “a”), “caaat” (3 “a” characters), but will not match “ct”. The question mark character (?) matches either once or zero times. For example, home-?brew matches either “homebrew” or “home-brew.”


“Escaped” Characters Literals
Characters that have a special meaning inside regular expressions must be escaped:
• \? matches the ? character.
• \\ matches the \ character.
• \. matches the . character.

“Escaped” Characters Literals
Perhaps the most important metacharacter is the backslash, “\”. The backslash can be followed by various characters to signal various special sequences. As already stated, a number of characters have special meanings to regular expressions. A symbol with a special meaning can be matched, but to do so you must prefix it with the backslash character (this includes the backslash character itself: to match one backslash in the target, your regular expression should include “\\”).
Some of these special sequences represent predefined sets of characters that are often useful, such as the set of digits, the set of letters, or the set of anything that is not a whitespace. The following predefined special sequences are available:
• \d Matches any decimal digit; this is equivalent to the class [0-9].
• \D Matches any non-digit character; this is equivalent to the class [^0-9].
• \s Matches any whitespace character; this is equivalent to the class [ \t\n\r\f\v].
• \S Matches any non-whitespace character; this is equivalent to the class [^ \t\n\r\f\v].
• \w Matches any alphanumeric character; this is equivalent to the class [a-zA-Z0-9_].
• \W Matches any non-alphanumeric character; this is equivalent to the class [^a-zA-Z0-9_].
These sequences can be included inside a character class. For example, [\s,.] is a character class that will match any whitespace character, or “,” or “.”.


Grouping Regular Expressions
• Grouping is useful to build units.
• The pattern \/(Apache|MyApache|YourApache)\/Apache\/conf matches the following paths:
– /Apache/Apache/conf
– /MyApache/Apache/conf
– /YourApache/Apache/conf

Grouping Regular Expressions
A regular expression can have literal characters in it, and also zero-width positional patterns. Each literal character or positional pattern is an atom in a regular expression. You may also group several atoms together into a small regular expression that is part of a larger regular expression. One might be inclined to call such a grouping a “molecule,” but normally it is also called an atom.


Introduction to mod_rewrite
The mod_rewrite module is a powerful tool to accomplish URL manipulations:
• Restrict access to directories and files
• Conditional redirection of access
• Relocating servers, file systems, or directories
• Regeneration of static pages based on the HTTP header variables

Introduction to mod_rewrite
Oracle HTTP Server provides mod_rewrite as a tool for URL manipulations. A rewriting engine based on a regular-expression parser is used by mod_rewrite to rewrite requested URLs. The granularity of URL manipulations can be affected by the formats of server variables, environment variables, HTTP headers, and time stamps. This module operates on the full URLs (including the path-info part) both in per-server context (httpd.conf) and per-directory context (.htaccess) and can generate query-string parts on result.


Functioning of mod_rewrite
• The mod_rewrite module gets the rule sets from its configuration structure.
• Rule sets are:
– Created on startup (for per-server context)
– Created during the directory walk of the Apache kernel (for per-directory context)
• The mod_rewrite module processes the rules in the order they appear.
• The TestString is expanded before the condition is checked against CondPattern.

mod_rewrite Rules Processing
Apache processes HTTP requests in phases. A hook for each of these phases is provided by the Apache API. mod_rewrite uses two of these hooks: the URL-to-file name translation hook, which is used after the HTTP request has been read but before any authorization starts, and the Fixup hook, which is triggered after the authorization phases and after the per-directory configuration files (.htaccess) have been read, but before the content handler is activated.
mod_rewrite reads the configured rule sets from its configuration structure. Server-level rule sets are best configured at startup, while directory-level rule sets are configured during the directory access of the kernel. mod_rewrite loops through the rule sets rule by rule (RewriteRule directive) and when a particular rule matches, it loops through the corresponding conditions (RewriteCond directives).
First, the URL is matched against the Pattern of each rule. When the match fails, mod_rewrite immediately stops processing this rule and continues with the next rule. If the Pattern matches, mod_rewrite looks for corresponding rule conditions. If none are present, it just substitutes the URL with a new value, which is constructed from the string Substitution, and goes on with its rule-looping. But if conditions exist, it starts an inner loop for processing them in the order that they are listed.


mod_rewrite Rules Processing (continued)
For conditions, a string TestString is created by expanding variables, back-references, map lookups, and so on, and then the CondPattern is matched against the expanded TestString. If the pattern does not match, the complete set of conditions and the corresponding rules fail. If the pattern matches, then the next condition is processed until no more conditions are available. If all conditions match, processing is continued with the substitution of the URL with Substitution.
A request for a URI that contains more than one consecutive “/” (for example, the ‘//oldpath’ in http://yourserver//oldpath/rqstdrsrc) may bypass RewriteCond and RewriteRule directives if they are not correctly written. For example, consider the following rule:
RewriteRule ^/oldpath(.*) /newpath$1 [R]

Requesting http://yourserver/oldpath/filea will redirect and return the page http://yourserver/newpath/filea as expected. However, requesting http://yourserver//oldpath/filea will bypass this particular rule, potentially serving a page that you were not expecting it to. You can work around the problem by making sure that rules will capture more than one slash. To fix the example above you can use the following replacement:
RewriteRule ^/+oldpath(.*) /newpath$1 [R]
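A check for the multiple-slash problem described above, as an added example that is not part of the course material: for each RewriteRule it finds request paths that the rule matches in canonical form but misses once a single slash is doubled. The /docs rules, the sample paths, and the function names are constructed for illustration, and Python's re module stands in for the server's regular-expression engine.

```python
import re

# The first two rules are the lesson's example and its corrected form; the
# last two are constructed for this example.
RULES = [
    "RewriteRule ^/oldpath(.*) /newpath$1 [R]",
    "RewriteRule ^/+oldpath(.*) /newpath$1 [R]",
    "RewriteRule ^/docs/v1/(.*)$ /docs/current/$1 [R,NC]",
    "RewriteRule ^/+docs/+v1/+(.*)$ /docs/current/$1 [R,NC]",
]
# Constructed request paths, such as those seen in an access log.
SAMPLE_PATHS = ["/oldpath/filea", "/docs/v1/guide.html", "/index.html"]


def parse_rule(line):
    """Split a RewriteRule line into (pattern, substitution, flags)."""
    parts = line.split()
    if len(parts) < 3 or parts[0].lower() != "rewriterule":
        raise ValueError(f"not a RewriteRule: {line!r}")
    flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
    return parts[1], parts[2], [f.strip().upper() for f in flags]


def rule_matches(pattern, flags, path):
    """True when the rule's Pattern applies to the request path."""
    negate = pattern.startswith("!")          # a leading ! inverts the match
    regex = re.compile(pattern[1:] if negate else pattern,
                       re.I if "NC" in flags else 0)
    return (regex.search(path) is None) == negate


def slash_variants(path):
    """The same resource with one '/' doubled, one variant per slash."""
    return [path[:i] + "/" + path[i:] for i, ch in enumerate(path) if ch == "/"]


def find_slash_bypasses(rule_lines, sample_paths):
    """Return (pattern, path, variant) where the rule fires for path only."""
    findings = []
    for line in rule_lines:
        pattern, _substitution, flags = parse_rule(line)
        for path in sample_paths:
            if not rule_matches(pattern, flags, path):
                continue
            for variant in slash_variants(path):
                if not rule_matches(pattern, flags, variant):
                    findings.append((pattern, path, variant))
    return findings


if __name__ == "__main__":
    for pattern, path, variant in find_slash_bypasses(RULES, SAMPLE_PATHS):
        print(f"{pattern}: matches {path} but not {variant}")
```

The constructed /docs rule shows that the same gap applies to slashes inside the pattern, not only to the leading one.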


Rewrite: Example
1. Browser requests /demo
2. There is a mod_rewrite directive
3. OHS rewrites URL to /daytime

Rewrite example
The example in the slide shows how user requests are directed when mod_rewrite is configured to redirect requests for the /demo directory to /daytime.


mod_rewrite Directives
• RewriteEngine [on / off]
– The RewriteEngine directive enables (on) or disables (off) the run-time rewriting engine.
– If it is set to off, this module does no run-time processing.
• RewriteOptions
– The RewriteOptions directive sets inheritance of the rule sets configuration.
• RewriteLog
– The RewriteLog directive sets the name of the file to which the server logs rewriting actions.

mod_rewrite Directives
RewriteEngine: The RewriteEngine directive enables or disables the run-time rewriting engine. If it is set to off, this module does no run-time processing at all. Use this directive to disable the module instead of commenting out all the RewriteRule directives. Rewrite configurations are not inherited by default. This means that you need to have a RewriteEngine on directive for each virtual host in which you want to use it.
RewriteOptions: By specifying RewriteOptions inherit, you force the current configuration to inherit the configuration of the parent. In virtual-server context, this means that the maps, conditions and rules of the main server are inherited. In directory context, this means that conditions and rules of the .htaccess configuration of the parent directory are inherited.
RewriteLog: The RewriteLog directive sets the name of the file to which the server logs any rewriting action that it performs. If the name does not begin with a slash (‘/’), then it is assumed to be relative to the Server Root. To disable logging, either remove or comment out the RewriteLog directive or use RewriteLogLevel 0. Avoid setting the file name to /dev/null to prevent logging. This can slow down the server with no advantage.
RewriteLogLevel: The RewriteLogLevel directive sets the verbosity level of the rewriting logfile. The default level 0 means no logging, while 9 or more means that practically all actions are logged.

mod_rewrite Directives
• RewriteBase:
– RewriteBase sets the base URL for per-directory rewrites.
• RewriteCond:
– RewriteCond defines a rule condition.
– This condition should be true before the RewriteRule is processed.
– Precede a RewriteRule directive with one or more RewriteCond directives.
– The rewriting rule is used only if its pattern matches the current state of the URI and if the RewriteCond conditions apply.

mod_rewrite Directives (continued)
RewriteBase: The RewriteBase directive explicitly sets the base URL for per-directory rewrites. Rewrite rules can be used in per-directory configuration (.htaccess) files. To effectively perform the substitution, the base URL should be added into the server processing. By default, this prefix is the corresponding file path itself. But in most Web sites URLs are not directly related to physical file name paths; in such cases you must use the RewriteBase directive to specify the correct URL-prefix. If the URLs of your Web server are not directly related to physical file paths, you have to use RewriteBase in every .htaccess file where you want to use RewriteRule directives.
Example: Assume the following per-directory config file:
#
# /abc/def/.htaccess -- per-dir config file for directory /abc/def
# /abc/def is the physical path of /xyz,
RewriteEngine On
RewriteBase /xyz
RewriteRule ^oldstuff\.html$ newstuff.html

In the preceding example, a request to /xyz/oldstuff.html gets rewritten to the physical file /abc/def/newstuff.html.


mod_rewrite Directives

• The RewriteRule directive defines the rewriting rule.
• The order of the rules is used when applying the rules at run time.
• The rule contains a regular expression that gets applied to the current URL.
• Substitution is the string that is substituted for the original URL for which Pattern matched.
• For details on regular expressions, use the manual pages: man regex.

Rewrite directives
As with every module in OHS, mod_rewrite is also configured using directives. The major configuration points are the:
• Rewrite rules, which consist of search strings. The rewrite rules also tell the mod_rewrite module how to act when the search string is matched.
• Rewrite conditions, which determine when the rewrite rules should be given effect.


Rewrite Rule: Tips
.       Any character         Single Character
[abc]   “a”, “b”, or “c”      Single Character
[a-z]   “a”, “b” … “z”        Single Character
*       Any number            Many Characters
^       Beginning Position
$       End Position

Some Hints About Rewrite Rules
If there was a request for /demo1/not_just_index.html, all the above rewrite rules would have redirected the request to /alldemos/index.html, which may not be what you want. It is quite possible that you may want to redirect to the corresponding files in /alldemos, as follows:
Request for          Redirect to
/demo1/happy.html    /alldemos/happy.html
/demo1/go.jpg        /alldemos/go.jpg
/demo1/lucky.jpg     /alldemos/lucky.jpg
Then you have to use substitution in your rewrite rule as follows:
RewriteRule ^/demo1/(.*)$ /alldemos/$1 [R,NC]

The following is an explanation of this rule: Take the value of the expression (such as happy.html, go.jpg, and lucky.jpg) that appears after demo1/ as variable ($1) and substitute it after /alldemos/.


Redirecting: Examples
• All the documents that are served by the Web server are moved to another subdirectory:
RewriteEngine on
# Skip URLs already under /newroot/ so that the redirect does not loop
RewriteCond %{REQUEST_URI} !^/newroot/
RewriteRule ^/(.*)$ /newroot/$1 [R,L]

• Redirecting from one directory to another:
RewriteEngine on
RewriteRule ^/oldloc(.*)$ /newloc/$1 [R,L]

• Redirect based on the time of the day:
RewriteEngine on
# [OR]: either condition is enough; without it both would have to be true
RewriteCond %{TIME_HOUR}%{TIME_MIN} >1800 [OR]
RewriteCond %{TIME_HOUR}%{TIME_MIN} <0800
RewriteRule ^/Demo(.*)$ /Offtime$1 [NC,R]

For redirecting requests from the DocumentRoot to a directory called newroot, set the following mod_rewrite directives:
RewriteEngine on
# Exclude URLs already under /newroot/ so that the redirect does not match its own target
RewriteCond %{REQUEST_URI} !^/newroot/
RewriteRule ^/(.*)$ /newroot/$1 [R]

For redirecting requests for files from one directory (olddir) to another (newdir), set the following directives:
RewriteEngine on
RewriteRule ^/olddir(.*)$ /newdir/$1 [R]

In each of these cases, ensure that the requested resources are actually available in the redirected location. The mod_rewrite module does not verify that the requested resource exists in the new location.

In the third example, all requests for the Demo directory are directed to the Offtime directory depending on the time at which the request is received. All requests to Demo received after 6 p.m. and before 8 a.m. are redirected to the Offtime directory.
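The behaviour of these redirect rules, modelled in Python as an added example (not code from the course or from Oracle): it evaluates the two time conditions joined with AND and with [OR], and replays a catch-all [R] rule to show that it keeps matching its own target unless a condition excludes /newroot/. The function names and the skip_if parameter are assumptions made for the illustration.

```python
import re


def offtime(hhmm, join_with_or):
    """Evaluate the two RewriteCond tests against %{TIME_HOUR}%{TIME_MIN}.

    mod_rewrite compares '>1800' and '<0800' lexically on the four-digit
    string and joins consecutive conditions with AND unless the first one
    carries the [OR] flag.
    """
    after_evening = hhmm > "1800"
    before_morning = hhmm < "0800"
    if join_with_or:
        return after_evening or before_morning
    return after_evening and before_morning


def rewrite(path, pattern, substitution, skip_if=None, nocase=False):
    """Apply one RewriteRule; return the new path, or None if it does not fire.

    skip_if (hypothetical name) models a negated RewriteCond on %{REQUEST_URI}.
    """
    if skip_if is not None and re.search(skip_if, path):
        return None
    match = re.search(pattern, path, re.IGNORECASE if nocase else 0)
    if match is None:
        return None
    # Expand $1..$9 back-references the way the Substitution string does.
    return re.sub(r"\$(\d)",
                  lambda ref: match.group(int(ref.group(1))) or "",
                  substitution)


def follow_redirects(path, max_hops=5, **rule):
    """Replay what a browser does with an [R] rule: request, redirect, repeat."""
    hops = [path]
    while len(hops) <= max_hops:
        target = rewrite(hops[-1], **rule)
        if target is None:
            break
        hops.append(target)
    return hops


# The catch-all rule without and with the guard condition.
CATCH_ALL = dict(pattern=r"^/(.*)$", substitution="/newroot/$1")
GUARDED = dict(CATCH_ALL, skip_if=r"^/newroot/")

if __name__ == "__main__":
    # Constructed sample times: evening, early morning, midday.
    for hhmm in ("2300", "0730", "1200"):
        print(hhmm, "AND:", offtime(hhmm, False), "OR:", offtime(hhmm, True))
    print("unguarded:", follow_redirects("/index.html", **CATCH_ALL))
    print("guarded:  ", follow_redirects("/index.html", **GUARDED))
    print(rewrite("/demo/report.html", r"^/Demo(.*)$", "/Offtime$1", nocase=True))
```

With AND, no time of day satisfies both conditions, so the Offtime redirect never fires; the unguarded catch-all rule stops only when the hop limit is reached.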

Summary
In this lesson, you should have learned how to:
• Use regular expressions for pattern matching
• Enable mod_rewrite
• Configure mod_rewrite for business operations

Managing and Configuring OracleAS Web Cache

Objectives
After completing this lesson, you should be able to do the following:
• Start, stop, and restart OracleAS Web Cache
• Change passwords for administrative users and listener ports
• Specify site-to-server mappings
• Create and configure caching rules
• Set up basic invalidation mechanism
• Set up expiration rules
• Configure access and event logs
• Obtain basic performance statistics

What Is OracleAS Web Cache?
[Figure: OracleAS Web Cache receiving HTTP/HTTPS requests in front of the application servers AppSrv1, AppSrv2, and AppSrv3]

OracleAS Web Cache functions as an external cache and load balancer and includes the following features:
• Static content caching (HTML files, image files such as GIF or JPEG files)
• Dynamically created read-only content caching (for example, a JSP-driven product catalog)
• Consistency management with HTTP-based invalidation messages and declarative expiration
• Content-aware caching and routing based on HTTP header information, including cookies
• Self-tuning logic that protects Web servers during traffic spikes and guarantees performance after broad or frequent invalidations
• Web server load balancing and failover
• Compression of large files for faster delivery
• Ability to run on the same or a separate machine from Web servers
• Clustering support
• Support of partial page caching using Edge Side Include (ESI) technology

OracleAS Web Cache Architecture
[Figure: OracleAS Web Cache receiving HTTP/HTTPS requests in front of the application servers AppSrv1, AppSrv2, and AppSrv3]

This slide shows the basic architecture. OracleAS Web Cache is located in front of application Web servers, caching their content and providing that content to Web browsers that request it. Web Cache is configured to listen on different ports for communicating with different Web servers. When Web browsers access a Web server, they send HTTP or HTTPS protocol requests to OracleAS Web Cache. OracleAS Web Cache, in turn, acts as a virtual server to the application Web servers. If the requested content has changed, OracleAS Web Cache retrieves the new content from the application Web servers.

How Does OracleAS Web Cache Work?

[Figure: request flow, steps 1 to 7, between the Web browser, the DNS server (www.mycompany.com resolves to 144.25.190.240), OracleAS Web Cache, and the application server; IP addresses shown: 144.25.190.240 and 144.25.190.245]

1. A browser sends a request to a Web site with the URL www.company.com. This request, in turn, generates a request to the Domain Name System (DNS) for the IP address of the Web site.
2. If an entry is found, DNS returns the IP address, in this case 144.25.190.240.
3. The browser sends the request for the Web page, 144.25.190.240:80, to OracleAS Web Cache. (This needs to be configured, because the default port is 7777 or whatever is assigned during installation.)
4. If the requested content is in its cache, then OracleAS Web Cache sends the content directly to the browser. This is called a cache hit.
5. If OracleAS Web Cache does not have the requested content or if the content is stale or invalid, then it passes the request to the application Web server. Each request that cannot be satisfied by OracleAS Web Cache is called a cache miss.
6. The application Web server sends the content to OracleAS Web Cache.
7. OracleAS Web Cache sends the content to the client and makes a copy of the page in the cache.
A page stored in the cache is removed when it becomes invalid or outdated, as described later in this lesson.

OracleAS Web Cache Concepts
• Populating OracleAS Web Cache
• Cache freshness and performance assurance
– Expiration (rule based)
– Invalidation (event based)
• Cache hit and cache miss responses
• Caching dynamically-generated content
• Edge Side Include (ESI)
– Partial page caching
– Content assembly

The main concepts of OracleAS Web Cache involve the following:

Populating OracleAS Web Cache
When OracleAS Web Cache is first configured with a cacheability rule for a set of documents, those documents are not placed in the cache until there is a browser request for them. When a request comes in, OracleAS Web Cache sends the request to the application Web server. If the requested document is specified as one of the documents to cache, OracleAS Web Cache caches the document for subsequent requests.

Cache Freshness and Performance Assurance
The cached objects lose their relevance over a period of time or because of changes at the origin server. Invalidation and expiration policies ensure consistency between the cache and the content on the application Web servers.
• The invalidation mechanism is user/administrator initiated. You can use the invalidation mechanism to mark cached documents as invalid when you determine that they need to be refreshed.
• The expiration mechanism enables automation of the cache freshness. Documents can be marked as invalid after a certain amount of time in the cache.
When a browser requests documents that are marked as invalid, such documents are refreshed in the cache either immediately or whenever the application Web servers can refresh them. Under heavy load, widespread cache invalidation or expiration could negatively affect the performance of the application Web servers. To overcome such performance degradation, OracleAS Web Cache can serve some of the documents stale until the application Web servers have the capacity to refresh them.

Cache Hit and Cache Miss Responses
For each requested document from the cache, OracleAS Web Cache adds cache hit or cache miss information to the Server response-header field of the HTTP response message.

Caching Dynamically Generated Content
For dynamically generated pages, browsers pass information about themselves to the origin server, enabling the origin server to serve appropriate content to the browser. HTTP has a way for browsers and origin servers to share information, such as session or category information, in message headers that browsers pass with every request to the origin server. One approach is to use cookies. The other method is to use embedded URL parameters. OracleAS Web Cache is able to recognize both cookies and embedded URL parameters and apply cacheability rules for dynamically generated pages.

Edge Side Include (ESI)
ESI is an XML-like markup language that enables dynamic content assembly of fragments by OracleAS Web Cache. A template page is configured with ESI markup tags that fetch and include dynamic HTML fragments. The fragments themselves can also contain ESI markup. You can assign caching rules to the template page and HTML fragments. By enabling page assembly in OracleAS Web Cache rather than in the application Web server, you can increase cache hit rates and improve performance.

Content Assembly and Partial Page Caching
OracleAS Web Cache provides dynamic assembly of Web pages with both cacheable and noncacheable page fragments. OracleAS Web Cache enables Web pages to be broken down into fragments of differing cacheability profiles. These fragments are each maintained as separate elements in the OracleAS Web Cache. The fragments are assembled into HTML pages as appropriate when requested by end users.

Administering OracleAS Web Cache
• Starting and stopping OracleAS Web Cache
• Invalidating documents in the cache
• Evaluating event logs
• Evaluating access logs
• Monitoring Web Cache statistics

Administrative tasks besides starting, stopping, and restarting OracleAS Web Cache (which were discussed in the previous lesson) include invalidating the whole cache and evaluating event and access logs.
• Invalidating documents in the cache: Invalidation messages are sent to an OracleAS Web Cache invalidation listening port through HTTP POST messages. The invalidation messages identify the documents to be invalidated. A Web administrator may need to:
- Change the invalidation port number (as already seen in the previous lesson)
- Initiate sending invalidation messages (as described in the following lesson)
• OracleAS Web Cache events and errors are stored in an event log. The event log can help you determine which documents or objects have been inserted into the cache. It can also identify listening port conflicts or startup and shutdown issues. A Web administrator should monitor the event log on a regular basis.
• Each Web site that OracleAS Web Cache supports has its own access log. An access log contains information about the HTTP requests sent to OracleAS Web Cache for a Web site. It is therefore also useful for a Web administrator to monitor the access log regularly.

OracleAS Web Cache Home Page

Application Server Control is the starting point to manage or configure OracleAS Web Cache. Navigate to the System Components table and click the Web Cache link to access the OracleAS Web Cache Homepage. This page is divided into four regions, each providing different functionality.

The General region shows basic information such as the start time, CPU and memory usage, the number of cached documents, and the size of cached documents. The Start, Restart, and Stop buttons enable those operations directly from this page.

The Activity region displays cache hits and misses in the form of a pie chart. This region also displays the number of requests per second or the amount of data (MB per second) that the Web Cache has served, the percentage of apology pages in the served pages, and the number of open connections.

As the name indicates, the Performance region provides links to more sophisticated performance data about the Web server activity, the application Web server itself, and popular cached documents.

You can click the Web Cache Administration link in the Administration region to access the main administration and configuration page of the Web Cache Manager.

OracleAS Web Cache Manager

The main administration window can be accessed directly using the URL http://<hostname>:4000/webcacheadmin. The default user ID is administrator. The password is the same as the one used for the ias_admin user. The page has a navigation bar to the left and a main window, which displays the content of the actual link, to the right. The navigation bar, as shown in the slide, consists of the following regions:
• Operations: To start, stop, and restart Web Cache, manage invalidations, and roll over log files
• Monitoring: To monitor the cache statistics and performance
• Properties: To configure the Web cache
• Logging and Diagnostics: To configure log files and the performance monitoring feature
• Ports: To configure the Web cache listen, administrator, and invalidation ports
• Origin Server, etc: To configure origin server, site definitions, session binding
• Rules for Caching, etc: To configure the caching, personalization, and compression rules
• Rule Association: To configure context for the rules for caching and compression, and to set up expiration policy, cookie, and session encoding

Using opmnctl to Start and Stop OracleAS Web Cache
• You can use the opmnctl utility to start, stop, and restart OracleAS Web Cache processes.

$ opmnctl startproc ias-component=WebCache
$ opmnctl stopproc ias-component=WebCache
$ opmnctl restartproc ias-component=WebCache

• In a stand-alone Web Cache installation, you can use webcachectl to start and stop Web Cache.

$ webcachectl start

Starting and Stopping OracleAS Web Cache
On UNIX/Linux platforms, OracleAS Web Cache runs as two processes: the Web Cache admin process and the Web Cache server process. On Windows, they appear as two threads within a single process. You can start, stop, and restart OracleAS Web Cache processes using opmnctl. To determine the status of OracleAS Web Cache, use the opmnctl status command. For example:

$ opmnctl status
ias-component     | process-type     | pid     | status
------------------+------------------+---------+------
WebCache          | WebCacheAdmin    | 10504   | Alive
WebCache          | WebCache         | 10502   | Alive

The status column in the example indicates that both the OracleAS Web Cache admin server (WebCacheAdmin) and the cache server (WebCache) are running (status = Alive). If the processes are not running, then you can start OracleAS Web Cache using the command shown in the slide. In a Web Cache stand-alone environment, you can use the webcachectl utility to start and stop Web Cache.

Using Application Server Control to Start and Stop OracleAS Web Cache

To start, restart, or stop OracleAS Web Cache, you can also use Application Server Control. Select Web Cache in the System Components table and click the appropriate button to start, restart, or stop your Web Cache. It is also possible to start, restart, or stop OracleAS Web Cache from the Web Cache Homepage of the Application Server Control.

Modifying Security Settings

When OracleAS Web Cache is first installed, it is set up with default passwords for administration and invalidation. The passwords are stored in the webcache.xml file in an encrypted form.

Administration User: Configuration and operational tasks can be performed by the OracleAS Web Cache administrator user. The administrator user has the same password as that of the ias_admin user. You can change the password for the administrator as follows:
1. In the Navigator pane, select Security in the Properties Section. The Security page appears in the right pane.
2. On the Security page, click Change Administration Password under Administration User. The Change Administration User Password dialog box appears.
3. Enter the password for the ias_admin user in the Old Password field and a new password between 4 and 20 characters long in the New Password and Confirm New Password fields.
4. Click Submit. Now the entries in both password fields are confirmed or rejected.
5. Click Apply Changes to save your modifications and restart Web Cache.

Invalidation User: Optionally, change the password for the invalidation administrator. The invalidation administrator has the user ID invalidator, whose default password invalidator is set up during installation.

Current Trusted Subnets: You can change the trusted subnet or trusted host from which OracleAS Web Cache and invalidation administration can take place. By default, the computer on which you installed OracleAS Web Cache is the trusted host. To change the trusted subnet or trusted host, perform the following steps:
1. On the Security page, click Change Trusted Subnets under Currently trusted subnets. The Change Trusted Subnets dialog box appears.
2. Select one of the following options:
- All subnets: Allows administration requests from all computers in all the subnets in the network
- This machine only: Allows administration and invalidation requests from this computer only
- Enter list of IPs: Allows administration and invalidation requests from all IP addresses you enter in a comma-separated list
3. Click Submit.
4. In the OracleAS Web Cache main page, click Apply Changes and restart OracleAS Web Cache to reread the configuration.

You can change the user ID and group ID for the OracleAS Web Cache executables on UNIX. By default, the user that performed the installation is the owner of the OracleAS Web Cache executables. Only this user can execute the webcachectl start and stop commands.

The security settings and the operational ports affect the functioning of other dependent components, such as OracleAS Portal. After you make a change to the security settings or the ports, you should ensure that the dependent components such as OracleAS Portal are synchronized with the changes.

Configure Listening Ports for Requests

Configure Listening Ports for Incoming Browser Requests
OracleAS Web Cache, by default, is configured to listen for the HTTP protocol on port 7777. If this port is in use, the installation procedure attempts to assign other port numbers from a range of possible port numbers. You can add ports, if necessary.
• In the Navigator pane, select Ports > Listen Ports. The Listen Ports page appears.
• In the Listen Ports page, click Add. The Edit/Add Listen Ports dialog box appears.
• From the list, select the cache for which you want to modify settings.
• In the IP Address field, enter the IP address of the computer running OracleAS Web Cache.
• In the Port Number field, enter the listening port from which OracleAS Web Cache will receive Web browser requests for the Web site. Ensure that this port number is not already in use.
• From the Protocol list, select either HTTP to accept HTTP browser requests on the port or HTTPS to accept HTTPS browser requests on the port. If you selected HTTPS as the listening protocol, you must configure additional information, including the location of the wallet.
• Click Submit.

Specifying Origin Server Settings

You can configure OracleAS Web Cache with the application server from which it gets its content. By default, the listening port and host name of the Oracle HTTP Server are configured. OracleAS Web Cache only forwards requests to a configured origin server if the server is mapped to a Web site in the Site-to-Server Mapping page. To configure OracleAS Web Cache with application Web server information, perform the following steps:
1. In the Navigator pane, select Origin Servers from the Origin Servers, Sites, and Load Balancing Section.
2. In the Application Web Servers or Proxy Servers page, click Add.
3. In the Hostname field, enter the host name of the application or proxy server.
4. In the Port field, enter the listening port from which the application or proxy server will receive OracleAS Web Cache requests.
5. In the Capacity field, enter the maximum number of concurrent connections that the application or proxy server can accept. The maximum number of concurrent connections that a server can handle is determined by load testing the application Web server or proxy server until it runs out of CPU, responds slowly, or until a back-end database reaches full capacity.
6. In the Failover Threshold field, enter the number of allowed continuous request failures before OracleAS Web Cache considers the origin server down. The default is five requests.
7. In the Ping URL field, enter the URL that OracleAS Web Cache will use to poll an origin server that has reached its failover threshold. Instead of using a static URL, you should use a URL that checks the health of the application logic on the origin server and returns the appropriate HTTP 200 or 500 status codes.
8. In the Ping Interval (seconds) field, enter the interval in seconds at which OracleAS Web Cache will poll an origin server that has reached its failover threshold. The default is 10 seconds.
9. From the Protocol list, select either HTTP to send HTTP requests on the port or HTTPS to send HTTPS requests on the port.
10. Click Submit.
Note that OracleAS Web Cache will only forward requests to a configured application Web server or proxy server if the server is mapped to a Web site in the Site to Server Mapping page, which is explained on the following slide.

Site Definitions
[Figure: a browser sends requests to Web cache, which forwards them to the application Web servers (Host 1 through Host 5) for the sites www.1st.comp.com:80, www.2nd.comp.com:80, and www.*.comp.com:80]

OracleAS Web Cache caches and assembles dynamic content for one or more Web sites. When OracleAS Web Cache receives a browser request for a document, it determines the destination site using one of the following elements:
• Host request-header field from the request
• Host portion of the requested URL
• src attribute of the ESI <esi:include> tag
OracleAS Web Cache then looks up the configured site settings and mappings to determine whether the site is supported and which application Web servers or proxy servers and caching rules apply to the site.

The illustration in the slide shows Web sites www.1st.comp.com:80 and www.2nd.comp.com:80 that have site aliases of 1st.company.com:80 and 2nd.company.com:80, respectively. The site to application Web server mappings are as follows:
• www.1st.company.com maps to application Web servers host1 and host2
• www.2nd.company.com maps to application Web servers host2 and host3
• www.*.company.com maps to host4 and host5

Configuring Site Definitions

To configure a site definition:
1. In the OracleAS Web Cache Manager Navigator pane, scroll down to the Origin Servers, Sites, and Load Balancing Section and select Site Definitions. The Site Definitions page appears in the right pane.
2. On the Site Definitions page, click Add to add a new site.
3. In the Host Name field, enter the host name of the site such as myserver.us.oracle.com. Do not use the wildcard * to represent multiple sites.
4. In the Port Number field, enter the port number on which the Web site is listening for incoming HTTP requests. The port number should be the port used in browser requests.
5. In the HTTPS Only Prefix field, enter the URL prefix for which only HTTPS requests will be served. If all traffic must be restricted to HTTPS, enter “/” for the entire site.
6. In the Default Site field, select Yes to specify this site as the default site, or select No to specify this site as a nondefault site. If you select Yes for a site, another site that previously had the Yes setting will change to No.
7. In the Create Alias from Site Name with/without www field, select either Yes or No. Many sites are represented by one or more aliases. OracleAS Web Cache recognizes and caches requests for a site and its aliases. For example, site www.mycompany.com:80 may have an alias of company.com:80. By specifying this alias, OracleAS Web Cache caches the same content from either company.com:80 or www.company.com:80. If a request includes a site alias that is not configured, then OracleAS Web Cache sends the request to the default site.
- Select Yes to use the site name as a site alias. For example, if the site domain name is company.com, a site alias of www.company.com will be used. If the site domain name is www.company.com, a site alias of company.com will be used.
- Select No if you do not want to use the site name as a site alias.
8. Click Submit.
9. In the main OracleAS Web Cache Manager window, click Apply Changes and restart OracleAS Web Cache.

Configuring Site to Server Mapping

After specifying a site definition, you must map the site to the origin servers:
1. In the Navigator pane, under the Origin Servers, Sites and Load Balancing section, select Site to Server Mapping.
2. In the Site to Server Mapping page, select a mapping from the table.
3. Click Insert Above, Insert Below, or Edit Selected as needed. The Edit/Add Site to Server Mapping dialog box appears.
4. In the Edit Site Name section, select one of the following options:
- Enter Site Name to enter the site name, such as www.mycompany.com or *.company.com, as well as the HTTP or HTTPS port number on which the site is listening for incoming requests.
- Select from Site definitions to select a site definition created in the Site Definitions page.
5. In the Select Application Web Servers to which this Site is mapped section, select one of the following options:
- Application Web Servers to select application Web servers specified in the Application Web Servers page.
- Proxy Servers to select proxy servers specified in the Proxy Servers page.
6. In the Exclude section, select one of the following options to restrict OracleAS Web Cache access to the origin servers for the sites specified in Edit Site Name.
- ESI restricts OracleAS Web Cache from using this mapping for ESI. Select this option if the site is a virtual host site that does not provide ESI content.
- NON_ESI restricts OracleAS Web Cache from using this mapping for any content that is not ESI. Select this option if the site is an ESI provider site.
- NONE does not enforce any OracleAS Web Cache restrictions. Select this option if the site is a virtual host site that supports ESI.
For example, one mapping entry that uses Exclude ESI does not mean that OracleAS Web Cache is not allowed to assemble ESI content from other origin servers.
7. Click Submit. The Edit/Add Site to Server Mapping dialog box closes.
8. In the Site to Server Mapping page, select a mapping, and then choose Move Up or Move Down to order the mappings. Note that higher priority mappings are processed first. Because mappings that use the wildcard * encompass a broader scope, give these rules a lower priority than other mappings.

Caching Rules: Overview
• Caching rules specify whether or not to cache content, and determine what content to cache:
– Static documents
– Multiple-version URLs
– Personalized pages
– Pages that support session tracking
– HTTP error messages
– URLs that match with regular expressions
– URL trees that contain a document or a subtree
• Caching is based on priority rules (top is highest).
• Rules also specify the caching of static versus dynamic content.

The caching rules allow you to define various URL expressions. These URL expressions can represent one or more documents. If the expression represents several documents, such as complete directories and subdirectories, it is called a subtree of URLs. The priority at the top overrules the expressions under it. You can specify caching rules in the following three formats:
• Regular expressions
• File extension
• Path prefix
This enables easier specification of caching rules.

Predefined Caching Rules

In OracleAS Web Cache Manager, scroll down the Navigator pane to the Rules for Caching, Personalization and Compression section and click Caching Rules to see the caching rules. The following rules are predefined by Oracle:
• \.pdf$: Since OracleAS Web Cache has been enhanced to support HTTP range requests, it is preconfigured to cache documents ending in .pdf. If the application Web server that uses OracleAS Web Cache sends HTTP requests to return certain documents in multipart format, these documents are now cacheable. For example, certain browsers send range requests for PDF documents; therefore, all PDF documents should be set to be cacheable.
• \.html?$: Caches all files whose URL ends with html or htm
• \.(gif|jpe?g)$: Caches all files ending with gif, jpeg, or jpg
• \.(bmp|png)$: Caches all files ending with bmp or png
• \.js$: Caches .js (JavaScript) files
The slide illustrates a portion (from rule 9 to rule 13) of the predefined caching rules.

Rules for Caching, Personalization, and Compression
The Priority column specifies the order in which the rules are processed:

In the Caching Rules pane, the second column from the left specifies the rule’s priority, that is, the order in which the rules are applied. The first match is applied and subsequent rules are not followed. In the following example, the rules are applied in this order:
1. ^/abc/.*index\.htm$ to cache index.htm[l] files.
2. ^/abc/bc/index\.htm$ defined because you do not want the index file from this specific directory to be cached.
The result is that OracleAS Web Cache caches the index.htm file in both directories, because the first rule overrides the second: because the first rule matches, the second rule is not applied. Alternatively, applying the rules in the following order has the desired result:
1. ^/abc/bc/index\.htm$ should not be cached.
2. ^/abc/.*index\.htm$ should be cached.
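The first-match behaviour described above, as an added Python example (not Oracle's implementation): it evaluates the two rule orderings from this page and reports any rule that matches a sample URL but never wins it, which is how a "Don't Cache" rule placed too low goes unnoticed. The function names and the sample URLs are constructed for the illustration.

```python
import re

CACHE, DONT_CACHE = "Cache", "Don't Cache"


def decide(rules, url):
    """Return (priority, action) of the first rule whose expression matches url.

    rules is an ordered list of (url_expression, action); position 1 is the
    highest priority. Returns (None, None) when no rule matches; what the
    cache does in that case is outside this example.
    """
    for priority, (expression, action) in enumerate(rules, start=1):
        if re.search(expression, url):
            return priority, action
    return None, None


def shadowed_rules(rules, sample_urls):
    """List rules that match at least one sample URL but never decide it.

    A shadowed "Don't Cache" rule is the case to look for: the document it
    was written to keep out of the cache is cached by a broader rule above it.
    """
    findings = []
    for priority, (expression, action) in enumerate(rules, start=1):
        matched = [u for u in sample_urls if re.search(expression, u)]
        won = [u for u in matched if decide(rules, u)[0] == priority]
        if matched and not won:
            findings.append((priority, expression, action))
    return findings


# The two orderings discussed in the text.
ORDER_AS_WRITTEN = [
    (r"^/abc/.*index\.htm$", CACHE),
    (r"^/abc/bc/index\.htm$", DONT_CACHE),
]
ORDER_CORRECTED = list(reversed(ORDER_AS_WRITTEN))

# Constructed sample URLs.
SAMPLE_URLS = ["/abc/index.htm", "/abc/bc/index.htm", "/abc/de/index.htm"]

if __name__ == "__main__":
    for name, rules in (("as written", ORDER_AS_WRITTEN),
                        ("corrected", ORDER_CORRECTED)):
        print(name)
        for url in SAMPLE_URLS:
            print("  ", url, "->", decide(rules, url))
        print("   shadowed:", shadowed_rules(rules, SAMPLE_URLS))
```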


Creating Caching Rules

Copyright © 2004, Oracle. All rights reserved.

Creating Caching Rules To specify cacheability rules, perform the following steps in the Oracle Web Cache Manager main window: 1. In the Navigator pane, scroll down to the Rules for Caching, Personalization, and Compression section, and select Rules for Caching, Personalization, and Compression. The Cacheability Rules page appears in the right pane. 2. On the Cacheability Rules page, choose Create Site Specific Rule or Create Global Rule if no rule exists. If rules already exist, select a rule, and then choose Insert Above or Insert Below, depending on the priority the rule should have. The Create Cacheability Rule dialog box appears. 3. In the URL Expression field, enter regular expression syntax, matching the URLs to which you want the cacheability rule to apply. Remember to use ^ to denote the start of the URL and $ to denote the end if necessary.

4. In the Method section, select to cache documents that use GET, GET with query string, or POST HTTP request methods. You can select more than one request method. If your Web site uses the GET with query string or POST method for forms that make changes to the application Web servers or database, it is important not to select GET with query string or POST. As an example, caching search results might be a good approach, whereas you should be careful about caching something that has a side effect when the cached result is transferred to the client.
5. If you have selected POST in step 4, specify the HTTP POST body of the documents in the POST Body Expression field. To apply this rule to any POST request body, enter ".*" in the field.
6. Select Cache or Don't Cache for the documents contained within the URL.
7. In ESI Output Permission, select either Yes or No. The default is Yes. Select Yes to enable Edge Side Include (ESI)-compliant proxy caches, such as Akamai Edge Suite, to process ESI tags. Select Yes only if the following conditions apply:
   - The ESI-compliant cache or service resides between browsers and OracleAS Web Cache.
   - You prefer the remote OracleAS Web Cache cache or third-party service to perform the ESI processing rather than the local OracleAS Web Cache.
   Select No to disallow other ESI-compliant caches or services from processing ESI tags.
8. Optionally, to help track the meaning of rules, enter a comment for the cacheability rule in the Comment field.
9. The Compression field enables you to compress documents. If a document retrieved from the application Web server already contains a Content-Encoding header, which is typically used to denote compression, OracleAS Web Cache does not compress it.
10. Click Submit.

Edit Cacheability Rules

To edit an existing rule, for example for HTML files, select the rule in the Cacheability Rules pane and click Edit. This opens the Edit Cacheability Rule page. The first part contains exactly the same fields discussed before. Here you can specify settings for the following additional fields:
• Expiration Rule: From the list, select an expiration rule to apply to the documents. If you do not see an expiration rule suitable for the documents, select Create A New Rule to create a new rule.
• Multiple Documents with Same Selector by Cookies: Select None to have OracleAS Web Cache not cache multiple-version documents that use cookies. Select "Apply the following" and then the required cookies to have OracleAS Web Cache cache multiple-version documents that rely on cookie values. If you do not see a cookie rule that can be applied to these documents, select Create A New Rule to create a new policy or modify an existing policy.

• Multiple Documents with the Same Selector by Other Headers: Select the HTTP request headers whose values OracleAS Web Cache should use to cache and identify multiple-version URLs. User-Agent contains information about the Web browser that initiated the request.
  Note: OracleAS Web Cache does not interpret the values of these HTTP request headers. If the values for two pages are different, OracleAS Web Cache caches both pages separately.
• Session/Personalized Attribute-Related Caching Rules: Select None to have OracleAS Web Cache not cache documents that use session information contained within a cookie or embedded in a URL as a parameter. Select "Apply the following" and then the required session definitions to have OracleAS Web Cache cache documents with session information. If you do not see the session that these documents require, choose Create A New Rule to create a new rule.
  Note: Session-related caching rules are also required for pages that use personalized attributes.
• Simple Personalization: Select No to not cache documents with personalized attributes or session-encoded URLs. Select Yes to cache documents with personalized content, and then select one of the following options:
  - "Pages do not contain HREFs that are session-encoded URLs," to cache substitution instructions for only personalized attributes
  - "Pages contain HREFs that are session-encoded URLs," to cache substitution instructions for both personalized attributes and session-encoded URLs
• HTTP Error Caching: Enter the HTTP error codes that you want OracleAS Web Cache to cache. If you enter multiple codes, use commas to separate them. If there is a problem on the application Web servers that remains unresolved, you can cache the error until the problem is resolved. After the problem is resolved, you should invalidate the cached HTTP errors.

Expiration Rules
• When a cached object has a predictable time for usefulness, you can specify the expiration rule for that object.
• There are three options for setting expiration rules:
  – Specified time after entry into cache
  – Specified time after the document is created
  – Specified as per HTTP Expires header
• Expired objects can be processed in two ways:
  – Refresh immediately
  – Refresh on demand and no later than the specified time after expiration

You specify an expiration rule for a cacheable object if you can predict how long it remains useful. When an object expires, OracleAS Web Cache marks it as invalid. There are three ways to set expiration rules with OracleAS Web Cache:
• Expire <time> after cache entry: Expiration is based on when the object is inserted into the cache.
• Expire <time> after document created: Expiration is based on when the object was created. This option relies on the Last-Modified header generated by the origin Web server.
• Expires as per the HTTP Expires header: This is the default option. Expiration is based on the Expires header that is generated by the origin Web server.

A Web site that displays weather forecasts and current climate conditions is an example of an application that would benefit from invalidation using the expiration policies. The Web pages relating to the climate conditions could be set to expire 30 minutes after the pages were created, thereby ensuring that users never receive outdated information.

Defining Expiration Rules
Expire:
• After cache entry
• After document creation
• Based on the HTTP header
Remove documents:
• Immediately
• Based on
  – Stale versus fresh

To create expiration rules, perform the following steps:
1. In the Oracle Web Cache Navigator pane, select Administering Web Sites > Caching Rules > Expiration Rules and click Add.
2. In the Expire region, specify when documents should expire by selecting one of the options. The first two options enable you to set the expiration for rules specific to OracleAS Web Cache, but the third option recognizes the expiration policy established for the documents already programmed with an HTTP Expires header. This is the default. To use this option, documents must be programmed to use the HTTP Expires header.
3. In the After Expiration region, specify how you want OracleAS Web Cache to process documents after they have expired:
   - Select "Remove immediately" to mark documents as invalid and then refresh them immediately with updated content from the application Web servers.
   - Or, select "Refresh on demand as application Web server capacity permits and no later than <time> after expiration" and enter the maximum amount of time the documents can reside in the cache.
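The three Expire options and the two After Expiration options can be modeled as below to see how the same document ages under each setting. This is an added example, not Oracle code: the class names, the state labels (fresh, stale_allowed, must_refresh), and the sample timestamps are constructed, and treating a missing or unparsable header as already expired is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


@dataclass(frozen=True)
class ExpirationRule:
    expire: str                          # "after_cache_entry", "after_document_created" or "http_expires"
    ttl: timedelta = timedelta(0)        # the <time> value; unused for "http_expires"
    refresh_on_demand: bool = False      # False models "Remove immediately"
    max_stale: timedelta = timedelta(0)  # "no later than <time> after expiration"


@dataclass
class CachedObject:
    cached_at: datetime  # when the object entered the cache
    headers: dict        # response headers from the origin Web server


def http_date(value):
    """Parse an HTTP date header; return None if it is missing or malformed."""
    if not value:
        return None
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def expires_at(rule, obj):
    """Expiration instant for obj under rule, or None if it cannot be derived."""
    if rule.expire == "after_cache_entry":
        return obj.cached_at + rule.ttl
    if rule.expire == "after_document_created":
        created = http_date(obj.headers.get("Last-Modified"))
        return created + rule.ttl if created else None
    if rule.expire == "http_expires":
        return http_date(obj.headers.get("Expires"))
    raise ValueError(f"unknown expire option: {rule.expire}")


def state(rule, obj, now):
    """Classify obj at time now as fresh, stale_allowed or must_refresh."""
    expiry = expires_at(rule, obj)
    if expiry is None:
        return "must_refresh"  # assumption: no usable header means expired
    if now < expiry:
        return "fresh"
    if rule.refresh_on_demand and now < expiry + rule.max_stale:
        return "stale_allowed"  # may be served stale while origin capacity is short
    return "must_refresh"


UTC = timezone.utc
THIRTY_MIN = timedelta(minutes=30)

# Constructed sample: a weather page created at 10:00 and cached at 10:10.
WEATHER_PAGE = CachedObject(
    cached_at=datetime(2004, 1, 5, 10, 10, tzinfo=UTC),
    headers={"Last-Modified": "Mon, 05 Jan 2004 10:00:00 GMT"},
)

AFTER_ENTRY = ExpirationRule("after_cache_entry", THIRTY_MIN)
AFTER_CREATED = ExpirationRule("after_document_created", THIRTY_MIN)
AFTER_CREATED_ON_DEMAND = ExpirationRule(
    "after_document_created", THIRTY_MIN,
    refresh_on_demand=True, max_stale=timedelta(minutes=10),
)
BY_EXPIRES_HEADER = ExpirationRule("http_expires")

if __name__ == "__main__":
    now = datetime(2004, 1, 5, 10, 35, tzinfo=UTC)
    for rule in (AFTER_ENTRY, AFTER_CREATED, AFTER_CREATED_ON_DEMAND, BY_EXPIRES_HEADER):
        print(rule.expire, rule.refresh_on_demand, state(rule, WEATHER_PAGE, now))
```

At 10:35 the same page is still fresh under "after cache entry" but already expired under "after document created", which is the difference that matters for the 30-minute weather example.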

Invalidation Messages
[Slide diagram labels: Trigger, Programmatic, Internet, Origin server, Database, Web cache, Manual or script, Web cache manager]

POST /x-oracle-cache-invalidate HTTP/1.0
X-Oracle-Cache-Invalidate-URL-Prefix: /catalog
X-Oracle-Cache-Invalidate-Level: 0

The invalidation mechanism is useful where changes are more frequent and not predictable. OracleAS Web Cache provides a privileged user INVALIDATOR that can interactively mark cache contents invalid. You can also enable invalidation messages to be sent by the Web applications, by integrating the invalidation message format and grammar into the applications. OracleAS Web Cache invalidation messages are HTTP POST requests that include XML data. The contents of the XML message body tell the cache which URLs to mark as invalid. The message in the slide, for example, invalidates all URLs starting with /catalog with a severity of 0 (that means, never serve these pages stale). Invalidation messages can be sent using one of the following methods:
• Using OracleAS Web Cache Manager
• Using Telnet
• Using database triggers, scripts, or applications

Manual Invalidation Using OracleAS Web Cache Manager
OracleAS Web Cache Manager provides an easy-to-use browser interface for invalidating cached objects. The advantage of the browser approach is that the administrator is isolated from the intricacies of the HTTP and XML formats and, consequently, there is less chance for error. The administrator specifies only which objects to invalidate and how invalid those objects should be.

Manual Invalidation Using Telnet
Manual invalidation can be performed through Telnet. This involves generating an HTTP POST message containing the host name of the OracleAS Web Cache machine, the invalidation listening port number, authentication data, and the invalidation instructions.

Automatic Invalidation Using Database Triggers
Database triggers are procedures that are stored in the database and activated (or "fired") when an INSERT, UPDATE, or DELETE statement is issued against a table. A trigger stored in the database can include SQL and PL/SQL or Java statements to be executed as a unit. Specifically, a trigger can be set so that when a database table is updated, an HTTP invalidation message is sent to OracleAS Web Cache. (Any database that supports triggers and HTTP can be used to invalidate content stored in OracleAS Web Cache.)

Automatic Invalidation Using Scripts
Many Web sites use scripts for uploading new content to databases and file systems. For example, a large online book retailer might run a Perl script once per day to load new book listings and price changes into its catalog database. The retailer would want the price changes and availability listings to be reflected in the item views and search results currently cached in OracleAS Web Cache. To achieve this, the Perl script can be modified so that when the bulk loading operation completes, the script sends an invalidation message to the cache invalidating all catalog views and search results.

Automatic Invalidation Using Applications
Invalidation messages can also originate from a Web site's underlying application that is used to design Web pages. OracleAS Web Cache is shipped with an invalidation API that enables sites using JSP and Java servlets to take advantage of automatically generated invalidation messages. With only moderate code changes, almost any application can automatically generate the XML and HTTP code required to invalidate cached content.

Invalidation Using Secondary Key
In previous releases, invalidation requests needed to specify either exact URLs or a set of URLs and headers matching a regular expression in order to invalidate cached objects. Because it can be difficult for applications to map URLs to the underlying data used to generate those URLs, OracleAS Web Cache invalidation has been extended to support search keys. Cached objects can now be associated with multiple application-specified search keys, with the URL-based key being the primary key.

Basic Content Invalidation

Refreshing cache content using expiration rules is sufficient when the changes are predictable, such as a weather forecast that needs to be refreshed every 30 minutes. The other method is to use invalidation for unpredictable changes, like emptying a shopping cart after purchasing an order. To invalidate cache content, use Web Cache Manager:
1. In the Navigator pane, select Basic Content Invalidation in the Operations region.
2. The For Cache field defines the cache from which you want to remove the documents in a cache cluster. Select the cache from which you want to invalidate content if you are using a cache cluster.
3. Remove all cached documents: Removes all the documents from the specified cache.
4. Enter exact URL for removal: Provides the URL of the documents to be invalidated. Include the complete path and file name.
5. The Action region specifies how you want OracleAS Web Cache to process invalid documents. You can preview the list of documents to ensure that you are removing only the documents you want to remove.

Rules for Multiple-Version Documents Containing Cookies

[Slide screenshot labels: Cookie Name, Value, Same URL; cookie values shown: ec-400-id-acctcat=CUSTOMER, ec-400-id-acctcat=WALKIN]

1. Select Administering Web Sites > Caching Rules > Multiple Documents with Same URL by Cookies. The Multiversion URLs - Cookies page appears in the right pane.
2. On the Multiversion URLs - Cookies page, click Create. The Edit/Create Multiple Documents with Same URL by Cookies Rule dialog box appears.
3. In the Cookie Name field, enter the name of the cookie.
4. Select Yes to also cache documents whose requests do not contain this cookie. The Yes option enables you to serve documents from the cache for browser requests that do not use the value of this cookie.

Version   Same URL                        Cookie Name/Value
1         http://www.dot.com/page1.htm    user_type=Customer
2         http://www.dot.com/page1.htm    user_type=Internal
3         http://www.dot.com/page1.htm    user_type=Promotional
4         http://www.dot.com/page1.htm    user_type/No cookie value

The slide example shows a URL whose cookie value is ec-400-id-acctcat=WALKIN for walk-in customers, and ec-400-id-acctcat=CUSTOMER for employees.
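The effect of a multiple-version cookie rule is that the cookie value becomes part of the cache key. The following is an added example, not Oracle code: the VersionedCache class, the origin function, and the request sequence are constructed, and only the cookie name and values come from the slide. It replays the same requests against a URL-only cache and against a cache keyed on the cookie, including the option from step 4 for requests without the cookie.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "ec-400-id-acctcat"  # cookie name from the slide example
URL = "/page1.htm"                 # constructed sample URL


def cookie_value(cookie_header, name):
    """Value of cookie `name` in a Cookie request header, or None if absent."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar[name].value if name in jar else None


class VersionedCache:
    """Toy cache keyed on the URL plus, optionally, one cookie's value."""

    def __init__(self, cookie_name=None, cache_without_cookie=False):
        self.cookie_name = cookie_name                    # Cookie Name field
        self.cache_without_cookie = cache_without_cookie  # the Yes/No choice in step 4
        self.store = {}
        self.origin_hits = 0

    def cache_key(self, url, cookie_header):
        if self.cookie_name is None:
            return (url, None)  # no rule: one cached version for every visitor
        value = cookie_value(cookie_header, self.cookie_name)
        if value is not None:
            return (url, value)
        # Request carries no such cookie: cache it only if the rule says Yes.
        return (url, None) if self.cache_without_cookie else None

    def get(self, url, cookie_header, origin):
        key = self.cache_key(url, cookie_header)
        if key is not None and key in self.store:
            return self.store[key]
        self.origin_hits += 1
        body = origin(url, cookie_header)
        if key is not None:
            self.store[key] = body
        return body


def origin(url, cookie_header):
    """Constructed origin server: renders a different page per account category."""
    acct = cookie_value(cookie_header, COOKIE_NAME) or "none"
    return f"{url} rendered for acctcat={acct}"


# Constructed request sequence: walk-in, customer, walk-in again, no cookie.
REQUESTS = [
    (URL, f"{COOKIE_NAME}=WALKIN"),
    (URL, f"{COOKIE_NAME}=CUSTOMER"),
    (URL, f"{COOKIE_NAME}=WALKIN"),
    (URL, ""),
]


def replay(cache):
    """Send REQUESTS through cache and return the bodies each visitor received."""
    return [cache.get(url, header, origin) for url, header in REQUESTS]


if __name__ == "__main__":
    for label, cache in (
        ("URL-only key", VersionedCache()),
        ("keyed on cookie", VersionedCache(COOKIE_NAME)),
        ("keyed on cookie, cache without cookie", VersionedCache(COOKIE_NAME, True)),
    ):
        print(label)
        for body in replay(cache):
            print("  ", body)
        print("   origin hits:", cache.origin_hits)
```

With the URL-only key the CUSTOMER request receives the page rendered for WALKIN, which is the mix-up the multiple-version rule prevents.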

Performance Assurance and Surge Protection
Web Cache uses a patent-pending performance assurance logic to ensure that:
• Invalidation of a large number of objects in the cache does not result in a surge
• Load on the Web server and database is dampened
• Capacity heuristics are based on:
  – Request queue length
  – Document popularity
  – Document validity
  – Invalidation age

When faced with the choice of serving some stale content or no content at all, most Web site administrators opt for the former. The result is that overall Web site performance remains constant at the higher throughput levels sustainable by the cache, even with frequent content changes on the origin Web server and database.

OracleAS Web Cache uses a patent-pending performance assurance logic that determines which objects to refresh and which objects to serve stale, with minimal tradeoff between Web site performance and content consistency. Input for the heuristic algorithm is provided in part by the OracleAS Web Cache administrator and in part by statistics gathered by OracleAS Web Cache during normal operations. The queue order of documents is based on the popularity of documents and the validity of documents assigned during invalidation. If the current load and capacity of the application Web server are not exceeded, the most popular and least valid documents are refreshed first.

OracleAS Web Cache passes requests for noncacheable or stale documents to the application Web servers. To prevent an overload of requests on the application Web servers, OracleAS Web Cache has a surge protection feature that enables you to set a limit on the number of concurrent requests that the application Web servers can handle. When the limit is reached, subsequent requests are queued.

Caching Dynamic and Partial Pages
Caching dynamic pages:
• Cookies or embedded URLs enable OracleAS Web Cache to recognize cacheability rules for pages with:
  – Multiple versions of the same document
  – Personalized attributes
  – Session information

Caching partial pages:
• OracleAS Web Cache provides dynamic assembly of Web pages with both cacheable and noncacheable page fragments, using ESI tags.

Caching Dynamically Generated Content
Most Web pages today are dynamically generated before delivery to the browser. Web developers frequently use database-driven technologies for complex Web sites, which are easier to modify and maintain. Examples of pages that are dynamically generated include:
• A product catalog, where information on pricing and inventory might vary from one moment to the next
• Auction views, which must be regenerated after each successful bid is processed
• Search results, which can change as catalog items are added and removed

Because of invalidation, OracleAS Web Cache knows which documents are valid and which documents are invalid. This is especially important for dynamically generated content that changes frequently. Most static caches and content distribution services have no mechanism to verify the consistency of dynamically generated Web pages with the data sources used to create them. Therefore, it is difficult for these services to know when content has changed.

For dynamically generated pages, browsers pass information about themselves to the application Web server, enabling the application Web server to serve appropriate content to the browser. The HTTP protocol has a way for browsers and application Web servers to share information, such as session or category information, in message headers that browsers pass with every request to the application Web server. This message header can contain a cookie. Cookies are stored on the browser's file system and are often used for identifying users who revisit Web sites. Many users choose to disable cookies in their browsers out of privacy concerns. For this reason, application Web servers often embed parameter information in the URL. OracleAS Web Cache can recognize both cookies and embedded URL parameters, enabling it to follow cacheability rules for pages with:
• Multiple versions of the same document
• Personalized attributes
• Session information

Content Assembly and Partial Page Caching
New Edge Side Include (ESI) functionality enables OracleAS Web Cache to aggregate portions of Web pages and reassemble them for individual users. ESI is the result of a joint development effort between Oracle and Akamai, and has now been proposed as an open standard. ESI is a simple markup language that application developers use to identify content fragments for dynamic assembly in edge servers, such as OracleAS Web Cache and third-party content delivery networks (CDNs). The partial-page caching functionality that ESI enables is especially useful for Web pages that contain targeted banner advertisements, individual account information, or other user-unique elements that should not be cached. With ESI, the edge server can store all of the common elements of a Web page and query the database or other content repositories only for any highly personalized objects.

By uniquely identifying common elements (such as stock quotes, weather reports, news, or graphics) that can be shared among different Web pages, only one copy of each element needs to be cached, invalidated, and revalidated, thus saving valuable resources across all the layers of the OracleAS Infrastructure. Much more HTML content can be cached, then assembled and delivered by OracleAS Web Cache when requested. Furthermore, page assembly can be conditional, based on information provided in HTTP request headers or end-user cookies.

Specifying Additional Listening Ports

To specify additional listening ports:
1. In the Navigator pane, select Listening Ports in the Ports region. The Listening Ports page appears in the right pane.
2. On the Listening Ports page, click Add. The Edit Listening Ports dialog box appears.
3. If you are using multiple Web Cache servers, select the one you want to use from the drop-down list.
4. In the IP Address field, enter the IP address of the computer running Web Cache.
5. In the Port Number field, enter the listening port from which OracleAS Web Cache will receive Web browser requests for this Web site. Ensure that this port number is not already in use.
6. In the Protocol field, specify whether you want to use HTTP or HTTPS. If you choose HTTPS, you also need to enter a wallet location in the Wallet field.
7. Click Submit.
8. In the OracleAS Web Cache main window, click Apply Changes, and restart Web Cache to reread the configuration.

Changing Operations Ports

A Web administrator may need to change the operations port numbers because of port conflicts. This can be achieved using Web Cache Manager.
1. In the Navigator pane, scroll down to the Cache-Specific Configuration region and click the Operations Ports link. This opens the Operations Ports page in the right pane.
2. Click Edit to change one or all ports. This opens the Edit Operations Port dialog box.
3. Change the desired port numbers and click Submit to apply any changes.

Logging Events and Accessing Information
• The OracleAS Web Cache events and errors are stored in an event log.
• The access log contains information about the HTTP requests sent to OracleAS Web Cache.
• You can configure the content of the access log files by defining the fields to appear for each HTTP request event.

The OracleAS Web Cache events and errors are stored in an event log. The event log can help you determine which documents or objects have been inserted into the cache. It can also identify listening port conflicts or startup and shutdown issues. The event log has a file name of event_log and is stored in the Oracle Home/webcache/logs directory.

OracleAS Web Cache generates an access log that contains information about the HTTP requests sent to OracleAS Web Cache. By default, the access log has a file name of access_log and is stored in the Oracle Home/webcache/logs directory. OracleAS Web Cache supports the following log formats:
• Common LogFile Format (CLF)
• Combined Format
• Web Cache Log Format (WCLF)

Configuring Access Log

To establish access log configuration settings, perform the following steps:
1. Start OracleAS Web Cache Manager. In the Navigator (left) panel, select Logging > Access Logs. The Access Logs page appears on the right panel.
2. Set cache-specific access log settings as follows:
   - From the Cache-Specific Access Log Configuration table, select a cache, and then click Edit Selected. The Edit Event Log Cache-Specific Settings dialog box appears.
   - In the Directory field, enter the directory in which to write access logs. The default is $ORACLE_HOME/webcache/logs.
   - In the Enabled field, select Yes to enable logging, or No to disable logging.
   - In the Buffering field, select Enabled to enable buffered logging or Disabled to disable buffered logging. With buffered logging, OracleAS Web Cache writes to the event log after the buffer is full. The buffer size is set to 2048 bytes. When the limit is reached, OracleAS Web Cache writes buffered events to the access log file.
   - In the Flush Interval field, set the frequency at which buffered events are written to the access log file. The default is 10 seconds. When the interval is reached, OracleAS Web Cache writes buffered events to the event log file.
   - Click Submit.

Configuring Event Log

Configuring the event log involves two groups of settings: the cache-specific setting, and the general information. To configure the event log, perform the following steps:
1. Start the OracleAS Web Cache Manager. In the Navigator pane, select Logging > Event Logs. The Event Logs page appears in the right pane.
2. Set cache-specific event log settings:
   - From the Cache-Specific Event Log Configuration table, select a cache, and then click Edit Selected. The Edit Event Log Cache-Specific Settings dialog box appears.
   - In the Directory field, enter the directory in which to write event logs. The default is $ORACLE_HOME/webcache/logs.
   - In the Enabled Buffering field, select Yes to enable buffered logging or No to disable buffered logging. With buffered logging, OracleAS Web Cache writes to the event log after the buffer is full. The buffer size is set to 2048 bytes. When the limit is reached, OracleAS Web Cache writes buffered events to the event log file.
   - In the Flush Interval field, set the frequency at which buffered events are written to the event log file. The default is 10 seconds. When the interval is reached, OracleAS Web Cache writes buffered events to the event log file.
   - From the Verbosity list, select the needed level of detail for the event log.

Configuring Rollover Frequency
• Hourly rollover
• Rollover at specified times of the day
• Allows user to manually roll over the access log file without shutting down Web Cache

The access and event logs can grow and create contention for disk space over a period of time, depending on the level of activity and the level of detail you have specified to be logged. You can configure the frequency of automatic rollover of access logs. This enables you to recycle your access log space at your configured frequency. You can configure the rollover frequency policy as follows:
• Select an existing policy and click Edit Selected to modify an existing rollover policy, or click Add to create a new policy. The Edit/Add Access Log Rollover Policy dialog box appears.
• In the Rollover Policy Name field, enter a unique name for the rollover policy.
• From the Rollover Frequency list, select the frequency at which OracleAS Web Cache saves current log information to access_log_file.yyyymmdd and writes new log information to the access log file.
• From the Time Style list, select either LOCAL or GMT to set the time style you want to associate with a schedule.
• Select a schedule from the Schedules list. To create a new schedule, select the day, enter the time based on the selected time style, and then click Add Schedule.
• Click Submit.

Manual Rollover of Logs

In addition to configuring event and access log rollover frequency, as described earlier, you can also use OracleAS Web Cache Manager to manually initiate the rollover of event and access logs. During the rollover process, OracleAS Web Cache saves the current log file to the log_file.yyyymmdd file and writes new log information to the event_log file. To immediately roll over log files:
• Start OracleAS Web Cache Manager, if it is not started.
• In the Navigator pane, select Operations > On-Demand Log File Rollover. The On-Demand Log File Rollover page appears in the right pane.
• To roll over event log files: From the Event Logs table, select an individual cache or click Select All to select all the caches.
• To roll over access log files: From the Access Logs table, select an access log for a configured site or click Select All to select all the caches.
• Click Submit.

Web Cache Statistics
• Last Modified - page generation time
• Oracle Web Cache Start Timestamp
• Time Since Start - Web Cache Uptime
• Number of Documents in Cache
• Cache Size (in bytes)
• Total Number of Bytes Written to cache
• Current Number of Open Connections

1. In the Oracle Web Cache Manager Navigator pane, select Administering Web Sites > Monitoring Oracle Web Cache > Statistics. The following fields are provided:
   - Oracle Web Cache Start Timestamp: The startup time of OracleAS Web Cache.
   - Time Since Start: The length of time that OracleAS Web Cache has been operating since it was started. Time is denoted in days/hours/minutes/seconds.
   - Number of Documents in Cache: The number of documents stored in Web Cache, plus the number of documents in transit through the cache.
   - Cache size (in bytes): The current size of the cache. You can adjust the maximum size of the cache on the Maximum Cache Size page.
   - Total Number of Bytes Written: The total number of bytes written to the cache.
   - Total Requests Served Table: Information about the number of requests Oracle Web Cache has served or is currently serving to Web browsers.
   - Percentage Requests Served Table: Information about the percentage of requests that OracleAS Web Cache is currently serving (% Now) and has served since it was started (% Since Start).
2. In the Oracle Web Cache Navigator pane, select Administering Web Sites > Monitoring Web Application Servers > Application Server Statistics to monitor performance of the application Web servers.

Summary
In this lesson, you should have learned to do the following:
• Start, stop, and restart OracleAS Web Cache
• Change passwords for administrative users and listener ports
• Specify site-to-server mappings
• Create and configure caching rules
• Set up basic invalidation mechanism
• Set up expiration rules
• Configure access and event logs
• Obtain basic performance statistics

Managing and Configuring OC4J

Objectives
After completing this lesson, you should be able to do the following:
• Create OC4J instances
• Start and stop OC4J instances
• Enable or disable application start up
• Configure OC4J Instance properties
• Configure Web site and JSP properties
• Edit OC4J configuration files

Oracle Application Server

The Oracle Application Server offers the following installation types:
• J2EE and Web Cache: Provides a basic Web server that implements Java 2 Platform, Enterprise Edition (J2EE) applications and accelerates Web caching
• Portal and Wireless: Enables the deployment of enterprise portals and wireless applications; this installation type includes the components available in the J2EE and Web Cache editions
• Business Intelligence and Forms: Enables analysis of data, personalization of applications, and deployment of decision support system (DSS) and Web-based reports. It includes components available in the Portal and Wireless edition, and also features Forms Services.

Before installing an instance of either Portal and Wireless or Business Intelligence and Forms, you must install and configure the OracleAS Infrastructure somewhere in your network, optimally on a separate machine.


Introduction to Managing OC4J
You can manage OC4J using:
• Application Server Control:
  – Recommended management tool for any Oracle Application Server installation
  – Graphical interface to manage OC4J components, clusters, and deploy applications
• Command-line utilities:
  – opmnctl: Starts and stops OC4J Instance
  – dcmctl: Creates OC4J Instance and deploys applications


Introduction to Managing OC4J
As with all components of Oracle Application Server, OC4J can be managed in two distinct ways:
• Using Application Server Control, the graphical user interface, you can interactively manage the OC4J instances. This is particularly useful for monitoring and troubleshooting OC4J instances.
• Using command-line interfaces such as DCMCTL and OPMNCTL, you can manage the OC4J instances in a noninteractive environment, that is, when performing batch processing or scheduled/automated maintenance operations.


Creating an OC4J Instance

A default OC4J Instance is installed with the name home. You can create additional instances, each with a unique name within an application server instance.
1. In the Application Server Control, navigate to the application server instance where you want to create the new OC4J Instance.
2. Click Create OC4J Instance. This brings up a page that requests a name for the new instance.
3. Provide a name in the field.
4. Click Create.
5. A Confirmation page appears indicating that the OC4J Instance was created.
A new OC4J Instance is created with the name you provided. This OC4J Instance shows up on the application server instance page in the System Components section. The newly created OC4J Instance is not started; you must start it before you can deploy applications to it. When you create a new OC4J instance, a directory of the same name is also created in the $ORACLE_HOME/j2ee/ directory. For example, in the case shown above, the OC4J_Temp directory is created in the /home/oraas/bi01/j2ee/ directory.

Creating an OC4J Instance Using dcmctl
You may also need to create an OC4J Instance in a noninteractive way. In such cases, you can use the command-line utility dcmctl. The following command creates an OC4J Instance with the name OC4J_Temp:
$ dcmctl createComponent -ct oc4j -co OC4J_Temp

You can verify that the OC4J Instance was created by using the dcmctl listcomponents command:
$ dcmctl listcomponents
1 HTTP_Server:HTTP_Server
2 OC4J:OC4J_BI_Forms
3 OC4J:OC4J_Demos
4 OC4J:OC4J_Portal
5 OC4J:OC4J_Temp
6 OC4J:home
7 WebCache:WebCache
$

You can also check that the OC4J_Temp directory has been created under the …/j2ee directory:
$ ls ../../j2ee
deploy.ini       OC4J_BI_Forms  OC4J_Portal
home             OC4J_Demos     OC4J_Temp
j2eetargets.xml  oc4j_opmn.xml  properties
$


Application Server Control: OC4J Home Page


The OC4J Home page provides a single view of the instance and provides for administration of the various elements in the J2EE application environment. Use the OC4J home page for the Enterprise Manager Application Server Control to:
• Configure the OC4J Instance
• Administer services and resources, such as data sources and security
• Monitor the availability, usage, and performance of the server and applications
The OC4J home page has the following sections:
• General: This section provides a snapshot of the current status of the OC4J server, and allows you to stop, start, or restart the OC4J server.
• Status: The Status section provides a quick view of the performance of the server, CPU Usage, Memory Usage, and Heap Usage.
• JDBC Usage: This section provides the number of open JDBC connections, active transactions, number of commits, and rollbacks.
• Response Servlets and JSPs: This section provides details about the active sessions, active requests, average time for processing requests, and the number of requests processed per second.
• Response-EJBs: The Response - EJBs section provides transactional details about the Enterprise Java Beans.

Starting and Stopping OC4J Instance


You can start, stop, and restart an OC4J Instance using the OracleAS Instance home page or the OC4J Instance home page. Using the OracleAS Instance Home page, select the OC4J Instance (check box) in the table of components, and click Start (in the top border of the table). You can also use the OC4J Home page to start OC4J instances:
1. Click Start in the General Information section on this page.
2. Click OK on the confirm page.
3. The OC4J Instance is displayed with status Up.


Starting and Stopping OC4J Instances Using OPMN
• You can use the opmnctl utility to start and stop all configured OC4J instances from the command line.
• To start and stop the OC4J_Demos Instance:
$> opmnctl startproc process-type=OC4J_Demos
$> opmnctl stopproc process-type=OC4J_Demos
• To start and stop all OC4J instances:
$> opmnctl startproc ias-component=OC4J
$> opmnctl stopproc ias-component=OC4J


Stopping and Starting OC4J Instances Using OPMN
To stop a specific OC4J Instance, for example OC4J_Demos, use the command:
$> opmnctl stopproc process-type=OC4J_Demos

To start a specific OC4J Instance, for example OC4J_Demos, use the command:
$> opmnctl startproc process-type=OC4J_Demos

To stop all OC4J instances that are configured in the OracleAS Instance, use the command:
$> opmnctl stopproc ias-component=OC4J

To start all OC4J instances belonging to the OracleAS Instance, use the command:
$> opmnctl startproc ias-component=OC4J


Disabling OC4J Instances


You can disable/enable installed components using the Application Server Control. For example, on a production system, you may not want some components, such as OC4J_Demos, to be running. You can disable unwanted components. Such components, even though they are installed, will not be started with the OracleAS instance. This can save your system resources. To disable a component, click the Enable/Disable components link in the OracleAS instance page. The Enable/Disable Components Page is displayed.
1. Select the component that you want to disable from the enabled components list.
2. Click Move (>). The selected component appears under Disabled Components.
3. Click OK. A confirmation page is displayed, where you confirm disabling the component.
The disabled component no longer appears in the System Components table in the OracleAS instance page. All the subcomponents (applications deployed to the OC4J Instance) of the disabled component will also be stopped and disabled.
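To find which installed components should be disabled on a production host, the dcmctl listcomponents output can be compared with an approved baseline. The following is an added example, not Oracle's code: it assumes one Type:Name entry per line, optionally preceded by an item number, and the APPROVED set is a hypothetical baseline. The stop commands it emits use the opmnctl form shown earlier; stopping takes effect immediately, while disabling on the Enable/Disable Components page keeps the component from starting with the OracleAS instance.

```python
import re

# Constructed sample: the component listing shown earlier on this page.
LISTING = """\
1 HTTP_Server:HTTP_Server
2 OC4J:OC4J_BI_Forms
3 OC4J:OC4J_Demos
4 OC4J:OC4J_Portal
5 OC4J:OC4J_Temp
6 OC4J:home
7 WebCache:WebCache
"""

# Hypothetical production baseline (an assumption, not taken from the page).
APPROVED = {
    "HTTP_Server:HTTP_Server",
    "OC4J:OC4J_BI_Forms",
    "OC4J:OC4J_Portal",
    "OC4J:home",
    "WebCache:WebCache",
}

# One entry per line: optional item number, then Type:Name. Names are limited
# to [A-Za-z0-9_] so a parsed name is safe to place on a command line.
ENTRY = re.compile(r"^\s*(?:\d+\s+)?([A-Za-z]\w*):([A-Za-z]\w*)\s*$", re.ASCII)


def parse_components(listing):
    """Split a listing into (type, name) pairs and lines that do not parse."""
    components, rejected = [], []
    for line in listing.splitlines():
        if not line.strip():
            continue
        match = ENTRY.match(line)
        if match:
            components.append((match.group(1), match.group(2)))
        else:
            rejected.append(line)
    return components, rejected


def review(listing, approved):
    """Compare installed components with the baseline."""
    components, rejected = parse_components(listing)
    present = {f"{ctype}:{name}" for ctype, name in components}
    unexpected = sorted(present - approved)
    # Only OC4J instances are stopped by process-type, as on this page.
    stop_commands = [
        "opmnctl stopproc process-type=" + entry.split(":", 1)[1]
        for entry in unexpected
        if entry.startswith("OC4J:")
    ]
    return {
        "unexpected": unexpected,          # installed but not approved
        "missing": sorted(approved - present),  # approved but not installed
        "rejected": rejected,              # lines that need a manual look
        "stop_commands": stop_commands,
    }


if __name__ == "__main__":
    result = review(LISTING, APPROVED)
    for entry in result["unexpected"]:
        print("disable on the Enable/Disable Components page:", entry)
    for command in result["stop_commands"]:
        print(command)
```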


Enabling OC4J Instances


You can enable a previously disabled component from the OracleAS Instance Home page. Click the Enable/Disable Components link to invoke the Enable/Disable Components page.
1. Select the component you want to enable from the Disabled Components list.
2. Click Remove. The selected component appears on the list of Enabled Components.
3. Click OK.
The enabled component appears in the System Components table of the OracleAS Instance Home page. The component is not started. You have to start the component.


OC4J Configuration Basics
OC4J has three groups of configuration files:
• The mod_oc4j configuration files are:
  – Used to administer the mod_oc4j module of the Oracle HTTP Server
  – In $ORACLE_HOME/Apache/Apache/conf
• OC4J Server configuration files are:
  – Used to administer the OC4J Server
  – In $ORACLE_HOME/j2ee/<instance>/config
• Two types of OC4J Application configuration files:
  – J2EE-standard: Stored in /applications/<appname>
  – OC4J-specific: Stored in /application-deployments/<app-name>

OC4J Configuration Basics
Each OC4J Instance can contain multiple J2EE applications. The access to Web applications for HTTP clients is provided using mod_oc4j between OHS and OC4J. The relationship of each of these components is described within the OC4J configuration files. The application configuration files describe the application deployment and client configuration.
• OC4J server configuration files are OC4J-specific and configure the OC4J server and point to the location of key J2EE configuration files.
• J2EE application configuration files for J2EE applications and clients are J2EE application-specific and are used for the deployment of J2EE applications.
Each application is a standard J2EE application defined in an Enterprise Application Archive (EAR) file. An application can have both Web application components, such as servlets and JSP pages, and EJB applications. J2EE applications with a Web application are made accessible to Web clients by binding them to a URL. Applications that contain only EJBs are not bound to a URL in a Web site, but are accessible in the server through Remote Method Invocation (RMI) or locally using the same server-level JVM.


OC4J Instance Configuration Files
OHS Configuration File: mod_oc4j.conf
OC4J Instance Configuration Files:
• Server Configuration: server.xml, jazn.xml*, jazn-data.xml*, data-sources.xml, rmi.xml, jms.xml
• Web site: default-web-site.xml


OC4J Instance Configuration Files
The OC4J is configured by using a few configuration files. These files are standard for J2EE servers and provide a way of integrating components with the OC4J framework. There is no need to modify the configuration files that are contained in JARs, WARs, and EARs while they are being deployed. There is an implied hierarchy to these configuration files:
server.xml
|------>rmi.xml
|------>jms.xml
|------>application.xml
|       |------>principals.xml
|       `------>data-sources.xml
|------>global-web-application.xml
`------>default-web-site.xml
        |------>default-web-app
        `------>web-app

The files jazn.xml and jazn-data.xml describe the security configuration by using the Java Authentication and Authorization Service (JAAS). If JAAS is not used, then these files need not be configured.

Relationship of Configuration Files

When an application is deployed, an entry is made in the \config\server.xml file:
<application name="app01" path="../applications/app01.ear" />

The context root for this entry is defined in /config/default-web-site.xml:
<web-app application="app01" name="app01" root="/app01"/>

The modules of the application are defined in \applications/app01/META-INF/application.xml:
<web><web-uri>webapp1.war</web-uri></web>

Relationship of Configuration Files
The server.xml, default-web-site.xml, and application.xml files work together to define the configuration for an application. If an application named “app01” is deployed by using an app01.ear file (and app01.ear contains webapp1.war), then the entries shown in the slide above are created in the corresponding files during deployment.


Sample server.xml File
<application-server localhostIsAdmin="true"
    application-directory="../applications"
    deployment-directory="../application-deployments"
    connector-directory="../connectors">
  <rmi-config path="./rmi.xml" />
  <jms-config path="./jms.xml" />
  <log><file path="../log/server.log" /></log>
  <global-application name="default" path="application.xml" />
  <global-web-app-config path="global-web-application.xml" />
  <web-site path="./default-web-site.xml" />
  <application name="app01" path="../applications/app01.ear" />
  ...
</application-server>


Sample server.xml File
This is an example of what the server.xml file looks like. Note the following aspects of this file:
• All directories are relative to the config directory, which makes maintenance much easier.
• The application-directory attribute specifies a directory to store applications (EAR files). If none is specified (the default), OC4J stores the information in j2ee/home/applications.
• The deployment-directory attribute identifies where the OC4J-specific generated files will be persistently stored. Each deployed application has a corresponding deployment-directory attribute. A directory is created for each deployed application in which the generated files will be stored.
• The application-auto-directory attribute specifies that files placed in this directory are automatically deployed without any further action necessary from an administrator. This is mainly a developer-oriented functionality and is disabled on Oracle Application Server.
• The application tag defines the name and the path to the application archive, in this case lab02 and ../applications/lab02.ear.


Sample default-web-site.xml File
<web-site port="3301" protocol="ajp13" display-name="Default OC4J Web Site">
  <default-web-app application="default" name="defaultWebApp" root="/j2ee"/>
  <web-app application="default" name="dms" root="/dmsoc4j"/>
  <web-app application="app01" name="app01" root="/app01"/>
  <web-app application="BC4J" name="webapp" root="/webapp"/>
  <access-log path="../log/default-web-access.log"/>
</web-site>


Sample default-web-site.xml File
The default-web-site.xml file contains the configuration for the default Web site. The <web-site ...> tag contains the configuration for a Web site. You can specify:
• port: The port of this instance; the default is 3000
• protocol: The protocol to use for communication between this OC4J Instance and mod_oc4j
• display-name: The user-friendly name shown when administering this site
• default-web-app: The tag that identifies which application is displayed if no application name is requested. This is the application that is bound to the root of the site.
• web-app: Binds a Web module from a J2EE application to a virtual path
• access-log: Specifies the path to the access log file
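Because server.xml and default-web-site.xml must agree (see Relationship of Configuration Files and the two sample files above), a cross-check of the pair gives an inventory of every URL root an OC4J instance serves and shows bindings that point at applications server.xml does not declare. The following is an added example, not Oracle's code; the inputs are constructed from the page's samples, and batch01 and the finding labels are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's sample server.xml with its "..." elision
# dropped, plus one hypothetical application (batch01) added for illustration.
SERVER_XML = """\
<application-server localhostIsAdmin="true"
    application-directory="../applications"
    deployment-directory="../application-deployments"
    connector-directory="../connectors">
  <rmi-config path="./rmi.xml" />
  <jms-config path="./jms.xml" />
  <log><file path="../log/server.log" /></log>
  <global-application name="default" path="application.xml" />
  <global-web-app-config path="global-web-application.xml" />
  <web-site path="./default-web-site.xml" />
  <application name="app01" path="../applications/app01.ear" />
  <application name="batch01" path="../applications/batch01.ear" />
</application-server>
"""

# Constructed input: the page's sample default-web-site.xml, unchanged.
WEB_SITE_XML = """\
<web-site port="3301" protocol="ajp13" display-name="Default OC4J Web Site">
  <default-web-app application="default" name="defaultWebApp" root="/j2ee"/>
  <web-app application="default" name="dms" root="/dmsoc4j"/>
  <web-app application="app01" name="app01" root="/app01"/>
  <web-app application="BC4J" name="webapp" root="/webapp"/>
  <access-log path="../log/default-web-access.log"/>
</web-site>
"""


def audit(server_xml, web_site_xml):
    """Return the URL roots a Web site exposes and any mapping inconsistencies."""
    server = ET.fromstring(server_xml)
    site = ET.fromstring(web_site_xml)

    # Applications OC4J knows about: every <application> plus the global one.
    declared = {app.get("name") for app in server.findall("application")}
    global_app = server.find("global-application")
    if global_app is not None:
        declared.add(global_app.get("name"))

    # Every module bound to a URL: (context root, parent application, module).
    bindings = [
        (el.get("root", ""), el.get("application", ""), el.get("name", ""))
        for el in site
        if el.tag in ("default-web-app", "web-app")
    ]

    findings = []
    first_owner = {}
    for root, app, _module in bindings:
        if app not in declared:
            # A URL is mapped to an application server.xml does not declare.
            findings.append(("orphan-binding", app, root))
        if root in first_owner:
            # Two modules claim the same context root.
            findings.append(("duplicate-root", app, root))
        first_owner.setdefault(root, app)

    # Declared but not bound to any URL (expected for EJB-only applications).
    bound = {app for _root, app, _module in bindings}
    for app in sorted(declared - bound):
        findings.append(("unbound-application", app, None))

    if site.find("access-log") is None:
        findings.append(("no-access-log", None, None))

    return {
        "listener": (site.get("protocol"), site.get("port")),
        "exposed": sorted(bindings),
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit(SERVER_XML, WEB_SITE_XML)
    print("listener:", report["listener"])
    for root, app, module in report["exposed"]:
        print(f"{root:10} -> {app}/{module}")
    for finding in report["findings"]:
        print("finding:", finding)
```

On the page's own samples the check reports the BC4J binding, because the sample server.xml elides its remaining application entries; against complete files from a real instance the same finding would mean a stale or mistyped mapping.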


Configuring OC4J Using Application Server Control
Click the Administration link in the OC4J Home page to access the OC4J Administration page.


OC4J Administration Page
The OC4J Administration page provides access to basic and advanced configuration functions, and provides links to other pages for more detailed operations, such as setting the directories of the default application and configuration file paths. The OC4J Server configuration is defined in a set of XML files that specify the properties of the server and other entities such as data sources. The OC4J Home page contains administration links to property pages for editing these configuration files and adding new services. For example, you can use the Server Properties page to edit settings and properties, such as default application settings and RMI and JMS configuration file paths. You can also edit the server configuration file directly from the interface using the Advanced Properties page for setting properties not presented through the interface. The ports such as RMI and JMS are controlled by OPMN.


Server Properties Page: General Section
Click the Server Properties link in the OC4J Administration page to access the Server Properties.


Server Properties Page: General Section
The OC4J Administration Page of the Application Server Control is the graphical interface for configuring OC4J instances. Use the Server Properties page to view or edit the properties for the current OC4J container. The Server Properties page contains two sections: General and Multiple VM. The General section contains the following fields:
• Name, Server Root, Configuration file, Default Application Name, and Default Application Path: These fields are set at the time of creation of the OC4J Instance and cannot be changed.
• Default Web Module Properties: This field specifies the location of a file that defines properties that are applicable to all Web modules. By default, this points to the file global-web-application.xml.
• Application Directory: The default directory to place the master EAR file of the deployed application is the /applications directory. You can change the location of the default directory in this field. The directory is relative to j2ee/home/config.
• Deployment Directory: The default directory to place modified module deployment descriptors with added defaults is the /application-deployments directory. You can change the location of the default directory in this field. The directory is relative to j2ee/home/config.

Web Site Properties


Use this page to change the default Web application and its parent. You can specify whether one or all Web applications are to be loaded upon startup. These parameters are stored in the default-web-site.xml file. The page contains three major sections: Default Web Module and URL Mappings for Web Modules. The Default Web Module section contains the following nonconfigurable fields:
• Name: Displays the desired Web application name
• Parent Application: The name of the J2EE application, as specified by the application attribute of an <application> element in the server.xml file
• Load on startup: Specifies whether this Web application is loaded when the OC4J Instance is started
The URL Mappings for Web Modules table lists all current Web modules contained within the OC4J container and lists the following information about each module:
• Application: The name of the application to which the Web module belongs
• URL Mapping: URL to which this Web module is bound
• Load on startup: Specifies whether this Web module is loaded when the OC4J Instance is started

JSP Properties


Use the JSP Container Properties page to configure all JSPs deployed in the current OC4J Instance. These properties can be included in the global-web-application.xml file within the <servlet> element.
• Debug Mode: Set Debug Mode to True to print the stack trace when a run-time exception occurs. The default is True.
• External Resource for Static Content: Set this field to True to place all static content of the page into a separate Java resource file during translation. The default is False.
• Generate Static Text as Bytes: Set this field to True to instruct the JSP translator to generate static text in JSP pages as characters instead of bytes. The default is False.
• Tags Reuse Default: This specifies a default setting for JSP tag handler pooling (True to enable by default; False to disable by default). You can override this default setting for any particular JSP page. The default is True.
• Reduce Code Size for Custom Tags: Set this field to True for further reduction in the size of generated code for custom tag usage. The default is False.
• Emit Debug Info: Set this field to True in a development environment to generate a line map to the original .jsp file for debugging. The default is False.


JSP Properties (continued)
• When a JSP Changes: This determines whether classes are automatically reloaded or JSP pages are automatically recompiled, in case of changes. Possible settings are justrun, reload, and recompile. The default is Recompile JSP.
• Precompile Check: Set this Boolean to True to check the HTTP request for a standard jsp_precompile setting. The default is False.
• Validate XML: This specifies whether XML validation is performed on the web.xml file and TLD files. The default is False.
• SQLJ Command: Use this if you want to specify a SQLJ command line, or if you want to specify an alternative SQLJ translator, optionally with command-line settings (for development). If you specify an alternative translator, it will be spawned in a separate JVM. A null setting means use the Oracle SQLJ version provided with Oracle Application Server, with its default option settings.
• Alternate Java Compiler: Use this if you want to specify a javac command line, or if you want to specify an alternative Java compiler, optionally with command-line settings (for development). If you specify an alternative compiler, it will be spawned in a separate JVM (javac runs in the same JVM). A null setting means use the JDK javac with default settings.


Advanced Properties


Advanced Server Properties
Use the Advanced Server Properties page to view a list of configuration files for the current OC4J server. You can edit any of the files in the list by clicking the file name in the table. The Advanced Server Properties page lists all configuration files in a table that includes the file name and location of each file. Within this section you can configure the XML files for the current OC4J Instance: server.xml, global-web-application.xml, rmi.xml, jms.xml, and default-web-site.xml. When you access the Advanced Properties page from an application home page, you can edit the following OC4J configuration files:
• For the default application, application.xml, oc4j-connectors.xml, principals.xml, and data-sources.xml can be edited.
• For a deployed application, principals.xml and orion-application.xml can be edited.
You can modify data-sources.xml and principals.xml at both the global and local level. To modify the global definitions, modify them under the default application. To modify them locally in an application, modify them under the designated application.


Application Deployment
• Deploying applications to Oracle Application Server is simple.
• The deployer configures the OC4J Instance with applications:
  – Web, EJB, and J2EE applications
  – Uses manual or automatic deployment methods
• The OC4J Instance verifies and deploys the applications:
  – It automatically deploys and redeploys new applications.
  – It generates the required OC4J-specific application files.
  – The OC4J Instance should be restarted.

Application Deployment
The deployment of a J2EE application can be performed using Application Server Control or using the dcmctl command-line utility. You can also deploy applications manually by:
• Manually modifying the configuration files
• Unpacking the deployment archive file in the deployment directory
When you use Application Server Control to deploy a J2EE application, the Deploy Application Wizard guides you through the deployment. You can access this Wizard by navigating from the OC4J Home page to the Applications property page and then to the Deploy EAR or WAR file buttons.


OC4J Applications Page


Clicking the Applications tab of the OC4J home page brings up the Applications page. This page contains a table of deployed applications. You can use this page to deploy and manage applications. Note that the Parent application for all the applications in the instance is default.


Maintaining Applications


You can monitor and administer the configuration of applications deployed to OC4J instances. The OC4J Homepage for the Application Server Control provides a list of deployed applications and support for such common operations. You can get a consolidated view of application performance and a list of the Web and EJB modules that are deployed for the application from the application home page. You can get the aggregate application performance metrics such as usage volume and responsiveness. You can perform administration tasks, such as changing an application’s user manager, adding data sources and security groups, and modifying application settings using the property pages linked with the application’s home page. For example, if an EJB application uses container managed persistence (CMP), the administrator can use the application property pages to control the process of creating and deleting the database tables used to track a CMP bean’s session state.


Maintaining Web Modules


You can drill down into an application module using the link in the application home page to a Web module home page. The Web module home page contains a list of the deployed servlets, JSPs, or EJBs for the module. The list includes the status and performance of each object, such as response time and the volume of requests processed. Web module properties can be viewed and edited from the Web Module Home page. For example, you can change the URL mappings or add or remove chaining for Servlet filters.


Summary
In this lesson, you should have learned to do the following:
• Create OC4J instances
• Start and stop OC4J instances
• Enable or disable application start up
• Configure OC4J instance properties
• Configure Web site and JSP properties
• Edit OC4J configuration files
• Configure deployed applications and Web modules


Managing the OracleAS Portal


Objectives
After completing this lesson, you should be able to do the following:
• Describe OracleAS Portal administrative services
• Describe tools to monitor the OracleAS Portal instance
• Manage OracleAS Portal users, groups, and schemas
• Administer the portlet repository
• Perform export and import of portal content


Objectives
OracleAS Portal is installed as part of the Oracle Application Server. In this lesson, you learn about OracleAS Portal administrative services that you, as a portal administrator, can use to manage and monitor the OracleAS Portal instance. You also learn to perform basic administration tasks, such as managing OracleAS Portal schemas, users, and groups, and administering the portlet repository that stores information about providers and portlets in the OracleAS Portal instance. Finally, you learn how to migrate your portal content using the export/import utilities of OracleAS Portal.


OracleAS Portal Administrative Services: Overview
OracleAS Portal Administrative Services:
• Enable you to:
  – Manage portal users and groups
  – Set up security, search, and self-registration features
  – Configure language and mobile support
  – Migrate content between OracleAS Portal instances
  – Monitor performance of OracleAS Portal instances
• Are provided in the form of:
  – Application Server Control
  – Administrative portlets
  – Configuration scripts

OracleAS Portal Administrative Services: Overview
The OracleAS Portal framework provides administrative services, such as access to monitoring and configuration tools, single sign-on, directory integration, caching, and security. The services enable you to perform configuration and administrative tasks after the installation is complete. For example, as a portal administrator you must manage users and groups, set up security, search, and self-configuration features, configure language and mobile support in your portal, and perform portal page administration. To perform most of the administrative and configuration tasks in the OracleAS Portal instance, you must log on to the portal as a portal administrator and use administrative portlets. Some of the administrative tasks should only be performed by using Application Server Control or by running configuration scripts that are copied into your Oracle home directory during the installation of OracleAS Portal.


Managing the OracleAS Portal Instance Using Application Server Control
You can use Application Server Control to monitor and administer the OracleAS Portal instance.


Managing the OracleAS Portal Instance Using Application Server Control
The Application Server Control provides the management tools to monitor and administer the OracleAS Portal instance. In the Systems Components section of the OracleAS instance home page, you can find two entries that are related to the OracleAS Portal instance: OC4J_Portal and Portal:portal.
OC4J_Portal is an OC4J instance that contains Web applications related to the OracleAS Portal instance (for example, the Parallel Page Engine). This instance is configured and started during the installation. You can start or stop the OC4J_Portal similarly to the way you start or stop any other OC4J instance.
Portal:portal is a link to the home page of the OracleAS Portal instance in the Application Server Control. This is the first place to go to check the condition of the OracleAS Portal instance. From the home page of OracleAS Portal instance, you can manage and monitor all the components that make up the OracleAS Portal instance, such as Oracle HTTP Server, mod_plsql, Web Cache, providers, and so on.


OracleAS Portal Instance Home Page


From the home page of the OracleAS Portal instance, you can see the overall status of the instance, data on how the instance is using the OracleAS Metadata Repository, and status of all other Oracle Application Server components that the OracleAS Portal instance is dependent on. For components that are specifically used by the OracleAS Portal instance you can also see the severity status. For example, you can open the mod_plsql Services home page from where you can configure and monitor mod_plsql related settings and metrics, such as the number of requests for cached content, including the percentage of cache hits and misses. You can also monitor the status of PPE from the Parallel Page Engine Services home page or you can monitor all components registered with the OracleAS Portal instance providers and their portlets from the Providers home page.
The Administration section contains the Portal Web Cache Settings link that enables you to reconfigure the OracleAS Portal instance when there are changes in the Web Cache configuration. The Portal End User Default Homepage link in the Related Link section takes you to the Welcome page of the OracleAS Portal instance.

Monitoring the OracleAS Portal Instance
Available tools and services:
• Oracle Enterprise Manager 10g Application Server Control
• OracleAS Portal logging service
• OracleAS Portal activity reports
• mod_plsql performance logging service
• OracleAS Portal performance reports


By monitoring the OracleAS Portal instance, you can easily analyze and better understand the type and volume of activities that are taking place in the portal. Armed with this information, you can make better-informed decisions and take appropriate administrative actions to improve performance, usability, navigation, and so on. The following tools and services are available to you as a portal administrator:
• Oracle Enterprise Manager 10g Application Server Control (Application Server Control): This management interface is installed with every instance of Oracle Application Server. The interface immediately provides you with the tools to monitor the OracleAS Portal instance, start and stop services, view logs and ports, and configure settings and metrics related to the OracleAS Portal instance.


• OracleAS Portal logging service: You can log objects and actions in OracleAS Portal and generate reports for analyzing the data. The OracleAS Portal logging service collects information about registered events into OracleAS Portal Activity Log tables. You can choose which events are logged in the Activity Log tables by managing the Log Registry records in the Services portlet.
• OracleAS Portal activity reports: To analyze data stored in the Activity Log tables, OracleAS Portal provides access to several Activity Log views. These views exist in the OracleAS Portal product. Access to the Activity Log views is granted to public; however, the logs are secure according to the portal object’s security. You can create simple reports based on these views if required.
• mod_plsql performance logging service: The mod_plsql performance logging service allows you to collect statistics that indicate how long the overall request took, how much of that time was spent in the user’s procedure, which user made the request, whether a database connection was obtained from the connection pool, what type of caching was used, and so on. The Performance Monitoring with modPLSQL in OracleAS Portal technical note, available on Oracle Portal Center at http://portalcenter.oracle.com, describes the steps to implement this logging service.
• OracleAS Portal performance reports: You can generate performance reports based on the statistics collected by the mod_plsql performance logging service. This can be accomplished by running the Performance Reporting SQL scripts that are located in the $ORACLE_HOME/portal/admin/plsql/perf directory. The README.html file from the same directory provides you with instructions on how to load the logging data into the database and generate performance reports.


Managing the OracleAS Portal Instance Using Administrative Portlets
OracleAS Portal administrative portlets are:
• Grouped into three subtabs on the Administer tab
• Integrated with other Oracle Application Server components


To perform various administrative functions, you need to log in to the OracleAS Portal instance as an administrator. The Portal Builder page is displayed after you have logged in to the portal. The Administer tab includes three subtabs that group related administrative portlets:
• Portal: Portlets on this subtab enable you to create portal users and groups, configure global settings of the portal instance, administer other services such as the SSO server, Delegated Administration Service, Oracle Ultra Search, OracleAS Web Cache, proxy settings, perform export and import of OracleAS Portal objects, and so on.
• Portlets: From this subtab you can manage the Portlet repository that stores information about registered providers and portlets in the portal. You can also register new remote providers and provider groups.
• Database: Portlets on this subtab enable you to create and edit database schemas, create and edit database roles, and monitor database information such as database parameters, memory consumption, and database storage details.


Default Portal Users
The following portal users are created upon installation:
• ORCLADMIN
• PORTAL
• PORTAL_ADMIN
• PUBLIC
[Figure labels: OracleAS Portal; Unauthenticated sessions (PUBLIC); Authenticated sessions]

The following default portal users are created upon installation of OracleAS Portal:
• orcladmin: This user is created for Oracle Application Server administrators and has the highest privileges in the portal. Some of the OracleAS Portal tools (for example, the SSO Server Administration portlet) are available only for this user. Note: The orcladmin OID superuser and the orcladmin portal user are two different users that are stored in the same directory.
• portal: This user is the superuser for the portal, and is granted all the privileges available in the portal.
• portal_admin: This user is a privileged OracleAS Portal user with administrative privileges excluding those that would give the user the ability to obtain higher privileges or access the database administration features, such as schema creation and management. This user is typically intended for an administrator who manages and provisions portal users.
• public: This user identifies unauthenticated access to the portal. All sessions before authentication use this account.
The initial password for the orcladmin, portal, and portal_admin portal users is the same as the password for the ias_admin user supplied during installation of the OracleAS middle tier.

Default Portal Groups
• Basic groups
– AUTHENTICATED_USERS
– DBA
– PORTAL_ADMINISTRATORS
– PORTAL_DEVELOPERS
– PORTLET_PUBLISHERS
• Groups that support OracleAS Reports Services
– RW_BASIC_USER
– RW_POWER_USER
– RW_DEVELOPER
– RW_ADMINISTRATOR

OracleAS Portal creates several groups upon installation to implement the base user privileges and additional portal-level privileges:
• AUTHENTICATED_USERS: This group includes all users who are able to log in to OracleAS Portal. The purpose of this group is to provide a convenient mechanism to assign the default privileges that you want every logged in user to have in the portal.
• DBA: Members of this group have the maximum privilege level in the system. All global privileges are granted to this group. Initially, this group has only one member, the user with the name of the product schema (for example, portal).
• PORTAL_ADMINISTRATORS: This group includes users with most of the global privileges, except for the database-related privileges. Members of this group do not have the necessary privileges to administer OracleAS Single Sign-On. This group initially comprises the portal_admin user and includes the DBA group.
• PORTAL_DEVELOPERS: Members of this group have privileges to build and manage local database providers and their portlets as well as shared components.


• PORTLET_PUBLISHERS: This group includes users who have privileges to add portlets to portal pages and make the portlets available to other portal users.
To support integration with OracleAS Reports Services, OracleAS Portal creates a set of reports-related groups. The reports-related privileges of these groups are defined as follows:
• RW_BASIC_USER: Members of this group can only execute deployed reports.
• RW_POWER_USER: In addition to the privileges of the RW_BASIC_USER group, this group includes users who receive more detailed error messages from OracleAS Reports Services.
• RW_DEVELOPER: In addition to the privileges of the RW_POWER_USER group, members of this group can run special Web commands that allow them to develop and test reports using OracleAS Reports Services.
• RW_ADMINISTRATOR: In addition to the privileges of the RW_DEVELOPER group, users of this group have access to the administrator’s functionality of the Oracle Reports Queue Manager to administer reports built with Oracle Reports, as well as Oracle Reports printer and server definitions.
Every portal user who needs access to reports built with Oracle Reports and deployed to the OracleAS middle tier should belong to one of the reports-related groups. In addition, the portal administrator should grant appropriate portal privileges to the reports-related groups. For example, to enable members of the RW_BASIC_USER group to run a report from the portal, the Execute privilege should be granted on the corresponding Oracle Reports report object to the RW_BASIC_USER group.
Note: For more information about deploying reports in OracleAS Portal, refer to OracleAS Reports Services Publishing Reports to the Web.


OracleAS Portal Schemas

[Figure: OracleAS metadata repository and OracleAS Portal repository, showing portal users and the schemas PORTAL_PUBLIC (OracleAS Portal access schema), PORTAL (OracleAS Portal product schema), PORTAL_DEMO (OracleAS Portal demo schema), and PORTAL_APP (OracleAS Portal application schema)]


OracleAS Portal is installed primarily in the Oracle database with some supporting components installed on the middle tier of Oracle Application Server. During a typical installation, the following database schemas are created:
• PORTAL: This is the product schema for OracleAS Portal that contains database objects of the portal repository and PL/SQL code. It is a highly privileged database schema and acts as a proxy user for the interaction of the middle tier with the database, which allows the middle tier to have secure access to other schemas in the database.
• PORTAL_PUBLIC: Portal users do not have distinct Oracle database accounts and schemas. Because a part of OracleAS Portal is implemented in PL/SQL, a database account is needed for the execution of the PL/SQL code. Each portal user must be mapped to a database schema that should be other than the product schema. The PORTAL_PUBLIC schema is the schema that portal users map to by default.
• PORTAL_DEMO: This schema contains the OracleAS Portal demonstration code.
• PORTAL_APP: This schema contains the OracleAS Portal applications.


Managing Passwords for the OracleAS Portal Schemas
• Passwords are stored in OID.
• You must change the passwords using Application Server Control.


During the installation, passwords for the OracleAS Portal schemas are randomized and stored in OID. You can retrieve these passwords from OID using Oracle Directory Manager. For example, to retrieve the password for the product schema of OracleAS Portal, navigate to the following entry in the DIT:

Entry management > cn=OracleContext > cn=Products > cn=IAS > cn=IAS Infrastructure Databases > orclReferenceName=your Infrastructure DB name > OrclResourceName=PORTAL

If you want to change the password for any of the OracleAS Portal schemas, then you must do so using Application Server Control:
1. Click the Infrastructure tab on the home page of the middle-tier OracleAS instance.
2. In the Metadata Repository section, click the Change Schema Password link.
3. In the Change Schema Password page, select a schema (for example, PORTAL), enter a new password in the Password field and the Confirm Password field, and click OK.
You should receive the following confirmation message: “The operation Change Schema Password was successful.”


Managing Portal Users and Groups
[Figure: a portal administrator (through the OracleAS Portal administrative portlets) and an OracleAS administrator use DAS to manage User and Group entries in Oracle Internet Directory (OID); User profiles and Group profiles are held in the Portal repository in the OracleAS metadata repository]


Portal users and groups are stored in OID. The management interface that is provided by Delegated Administration Service (DAS) is used to enter information about portal users and groups into OID. OracleAS administrators and portal administrators can access DAS using direct URLs or via the User and Group portlets from the Administer tab on the OracleAS Portal Builder page. Portal users are single sign-on (SSO) user accounts, which allow a user to access multiple applications, including OracleAS Portal, by providing his or her credentials just once.

To manage user and group information that pertains specifically to the portal, OracleAS Portal creates user and group profiles for each portal user and group stored in OID. OracleAS Portal stores the user and group profiles in the portal repository. The user and group profiles are created automatically when a portal administrator first attempts to edit the user or group profile of a user or group. The user profile also gets created when a portal user first attempts to log in to OracleAS Portal using his or her credentials. To manage user profiles and group profiles, you use the Portal User Profile portlet and the Portal Group Profile portlet, respectively.


Creating Portal Users
• Use the User portlet.
• Specify the following:
– Basic information
– Personal details
– Organizational details
– Photograph
– Telephone numbers
– Home/Office addresses
– Group membership
– Privilege assignment
– Resource access information for Reports and Forms applications

When you create a portal user by using the User portlet, you are creating a single sign-on user account for that portal user in OID. You must enter basic information, such as a username, password, and e-mail address, for each user that you create. You can also provide optional personal information, job-related information, telephone numbers, and addresses. You can upload a photograph in GIF or JPEG format. You can also assign the user to be a member of existing portal groups, for instance the default OracleAS Portal groups. You can also assign portal privileges to each user, which will be discussed later in this lesson.

You are provided with an area to enter resource access information for Reports and Forms applications. For instance, you can save connection string information to a data source that will be used when running reports that need access to that particular data source.


Editing Portal User Profiles
• Use the Portal User Profile portlet.
• Configure the following:
– Enabling access to the portal
– The database schema to use
– The portal page for the user's personal use
– The default group and style
– The default home page
– The default mobile home page
– Invalidation of the user’s portal content in the Web Cache
– Global portal privileges

The Portal User Profile portlet enables you to define the user information that pertains specifically to the OracleAS Portal instance. For example, in the Preferences tab you can configure the following user settings:
• Allow User To Log On: When you edit a portal user profile, you can enable or disable the user’s ability to log in to the OracleAS Portal instance via the Allow User To Log On check box.
• Database schema: Portal users do not have database privileges. However, because portal pages are displayed by executing procedures in the database, portal users must have execute privileges on those procedures. Therefore, each portal user must be associated with a database schema that has the appropriate privileges to display portal pages. By default, new portal users are associated with the PORTAL_PUBLIC schema.
• Default group: You can select a default group for the user. The default group determines preferences for the user if no personal preferences are specified.


• Default Style: You can choose the style to use as the user’s default style. The user’s default style is used when pages are set to use the user’s default style. If the user does not have a default style, the style of the user’s default group is used instead. If the user does not have a default group, or the group default style is also not set, the system default style is used. Note: Users can change this setting in the Account Information page if they wish.
• Default home page: The home page is the first page that is displayed to a user after logging in to OracleAS Portal. If the user has specified a personal home page, that page is displayed when the user logs on. If the user has not selected a personal home page, but the portal administrator has set one for him or her, the default home page specified for that user is displayed. If the user has not selected a personal home page, but belongs to a default group, the default home page specified for that group is displayed. If there is no default home page for the user's default group, the system default home page is displayed.
• Default mobile home page: Similar to the default home page, you can set the default mobile home page if mobile support is enabled in the portal. If you select the default mobile home page here, it overrides the default mobile home page of the user's default group.
• Clear the Cache in Web Cache for User: Select this check box to invalidate the pages associated with this user in Web Cache. This allows new pages to be generated for this user, which may be desirable when, for example, a new default group is selected.
In the Privileges tab, you can set OracleAS Portal global privileges for the user. You can also reset the privileges.


Mapping Portal Users to a Custom OracleAS Portal Access Schema

[Figure: the portal administrator maps My Application portal users to the custom OracleAS Portal access schema (MYAPP_PUBLIC), shown with the My Application product schema (MYAPP); other portal users map to the default OracleAS Portal access schema (PORTAL_PUBLIC), shown with the OracleAS Portal product schema (PORTAL)]

In some cases, you may want to map OracleAS Portal users to another database schema that plays the same role as the default OracleAS Portal access schema (PORTAL_PUBLIC). For example, if your company has a legacy database application that can only be accessed by a limited number of portal users, then you can create a new database schema, that is, a custom OracleAS Portal access schema (for instance, MYAPP_PUBLIC), and map those portal users who need access to the legacy application to the new database schema. The custom OracleAS Portal access schema should also be granted all necessary database privileges from the application product schema to be able to run the application code and access the application data.

To map a portal user to a custom OracleAS Portal access schema, perform the following steps:
• Add the custom OracleAS Portal access schema to the list of database schemas to which portal users can map. In the Schemas portlet, select a database schema, click Edit, select the Use this Schema for Portal Users check box, and apply the change.
• Edit the user profile and select the custom OracleAS Portal access schema in the Database schema field.


Creating Portal Groups
• Use the Group portlet
• Specify the following:
– Basic information
– Group information: Public, Private, Enable group to be privileged
– Owners
– Members
– Privilege assignment


When you create a portal group, you specify the basic information such as name, display name, and description of the group. You also specify the visibility of the group as public or private. If you specify the group as private, the group will only be visible to its owners. The default visibility is public. If you specify the group to be privileged, then you can assign privileges to the group. The creator of the group is automatically the group owner. You can also specify additional owners for the group. You can add users and groups as members of the group and you can also assign privileges to the group.


Editing Portal Group Profiles
• Use the Portal Group Profile portlet
• Configure the following:
– The default home page
– The default Mobile Home Page
– Global portal privileges


The Portal Group Profile portlet enables you to define the group information that pertains specifically to the OracleAS Portal instance. You can specify the default home page for users that have the group as their default group. However, users may override this setting by choosing their own personal home page. You can also specify global privileges for the group.


Assigning Privileges to OracleAS Portal Users and Groups
You can assign the following privileges:
• Oracle Application Server privileges
– Stored in OID
– Managed using DAS
• OracleAS Portal global privileges
– Stored in the portal user and group profiles
– Managed using the Access page of the Portal User Profile and Portal Group Profile portlets
• OracleAS Portal object privileges
– Stored in the Portal repository
– Managed using the Access tab of the object’s Edit page

Within OracleAS Portal, you decide at what level of granularity you want to control access. You can assign privileges on a per user or per group basis. Privileges that you can assign to OracleAS Portal users and groups can be grouped into three types:
• Oracle Application Server privileges: These privileges enable users to perform user and group management, assign access rights to other users and groups, and configure user entries and subscriber information using the Delegated Administration Service. The Oracle Application Server privileges are stored in OID along with the user or group information.
• OracleAS Portal global privileges: These privileges give a user or group a certain level of privileges on all portal objects of a particular type. For example, you can assign privileges for all page groups, pages, styles, providers and portlets. The OracleAS Portal global privileges are managed on the Access tab of the profile portlets and stored in the corresponding user or group profile.
• OracleAS Portal object privileges: These privileges give a user or group a certain level of privileges on only a particular instance of a portal object, rather than all objects of that type. The OracleAS Portal object privileges are managed on the Access tab of the object’s Edit page and stored in the portal repository.
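The following access review applies three rules from this lesson: group membership is transitive (PORTAL_ADMINISTRATORS includes the DBA group), the reports groups are cumulative, and portal users should map to a schema other than the product schema. It is an added example, not Oracle code; the export format, the sample users and the OPS_* groups are constructed assumptions, and only the default group and schema names come from this guide.

```python
"""Access review over a constructed export of portal groups and user profiles."""

PRODUCT_SCHEMA = "PORTAL"  # product schema; users should map to another schema
ADMIN_GROUPS = ("DBA", "PORTAL_ADMINISTRATORS")
# Reports groups from lowest to highest; each adds to the one before it.
RW_TIERS = ("RW_BASIC_USER", "RW_POWER_USER", "RW_DEVELOPER", "RW_ADMINISTRATOR")

# Constructed sample data. A member that is itself a key of GROUPS is a nested group.
GROUPS = {
    "DBA": {"portal", "OPS_ONCALL"},
    "PORTAL_ADMINISTRATORS": {"portal_admin", "DBA"},  # includes the DBA group
    "OPS_ONCALL": {"jsmith", "OPS_LEADS"},
    "OPS_LEADS": {"mlee", "OPS_ONCALL"},  # cyclic nesting must not loop forever
    "RW_BASIC_USER": {"akumar"},
    "RW_POWER_USER": set(),
    "RW_DEVELOPER": {"jsmith"},
    "RW_ADMINISTRATOR": set(),
}

# Constructed user profiles: mapped database schema and whether reports are needed.
PROFILES = {
    "jsmith": {"schema": "PORTAL_PUBLIC", "needs_reports": True},
    "mlee": {"schema": "PORTAL", "needs_reports": False},
    "akumar": {"schema": "MYAPP_PUBLIC", "needs_reports": True},
    "tchen": {"schema": "PORTAL_PUBLIC", "needs_reports": True},
}


def expand_members(group, groups):
    """Return every user in `group`, following nested groups and ignoring cycles."""
    users, seen, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for member in groups.get(current, ()):
            if member in groups:
                stack.append(member)  # nested group: expand it later
            else:
                users.add(member)
    return users


def highest_rw_tier(user, groups):
    """Return the highest reports group the user belongs to, or None."""
    for tier in reversed(RW_TIERS):
        if user in expand_members(tier, groups):
            return tier
    return None


def review(groups, profiles):
    """Return (user, finding, detail) tuples for profiles that need attention."""
    findings = []
    for user in sorted(profiles):
        profile = profiles[user]
        if profile["schema"].upper() == PRODUCT_SCHEMA:
            findings.append((user, "mapped-to-product-schema", profile["schema"]))
        for group in ADMIN_GROUPS:
            direct = user in groups.get(group, ())
            if not direct and user in expand_members(group, groups):
                findings.append((user, "admin-via-nested-group", group))
        if profile["needs_reports"] and highest_rw_tier(user, groups) is None:
            findings.append((user, "reports-user-without-rw-group", ""))
    return findings


if __name__ == "__main__":
    for finding in review(GROUPS, PROFILES):
        print(finding)
```

In the sample data, nesting OPS_ONCALL inside DBA gives jsmith and mlee administrative privileges that do not show up when only direct members of the two groups are listed.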

What Is the Portlet Repository?
The portlet repository stores registration information about providers and their portlets that are available in the OracleAS Portal instance.
[Figure: within the OracleAS Portal repository, the portlet repository holds My Provider with Portlet1 and Portlet2; the Portlet Repository page group shows My Provider (portlet1, portlet2, …) in the Add portlets page; actors shown are the portal administrator and the portal user]

To store information about providers and their portlets available in the portal, OracleAS Portal uses the portlet repository that is created during installation. The initial portlet repository stores information about built-in providers and their portlets that are installed and configured for portal administration, portal development, and general use by portal users. When you register a new provider, information about the provider and its portlets is automatically added to the portlet repository. The portlet repository is implemented as a part of the portal repository in the portal product schema.

To display the portlet repository to portal users, OracleAS Portal is shipped with a special page group, the Portlet Repository page group. The Portlet Repository page group content populates the Add Portlets page that is displayed when the portal user wants to add a portlet to a portal page. What the portal user can see in the Add Portlets page depends on their portal privileges, which can be defined by the portal administrator.


Accessing the Portlet Repository
You can access the Portlet Repository in the Providers tab of the Portal Navigator.


All providers available in the OracleAS Portal instance are grouped into three provider groups:
• Locally Built Providers: These are providers that are created by using tools available in OracleAS Portal. For example, when a portlet developer creates a form portlet or a report portlet using the Portlet Builder, a new database provider is created in the Locally Built Providers group. The registration of the locally built providers is handled by the OracleAS Portal instance internally.
• Registered Providers: These are providers that are registered with the OracleAS Portal instance through the registration process by the portal administrator.
• Provider Groups: A Provider Group is a logical collection of Web Providers which is defined by a remote Provider Groups Service. Once registered, a Provider Group simplifies the process of registering the providers in the group. For more information about using Provider Groups in your OracleAS Portal instance, refer to the Provider Group Server Setup article available on the Oracle Portal Studio Web site at http://portalstudio.oracle.com.


Displaying the Portlet Repository Page Group
From the Portal Navigator

From the Portlet Repository portlet


The Portlet Repository page group displays information about portlets available in the OracleAS Portal instance. Similar to any other page group in OracleAS Portal, the Portlet Repository page group is organized in the form of a hierarchy of portal pages. The portal repository pages display information about available portlets as portlet items. You can view the Portlet Repository page group from the Portal Navigator or from the Portlet Repository administrative portlet.


Managing the Portlet Repository
You can perform the following management tasks:
• Register providers
• Update provider registration information
• Refresh the portlet repository and individual providers
• Organize the Portlet Repository page group
• Secure the Portlet Repository page group


As a portal administrator, you can perform the following management tasks related to the portlet repository:
• Registering providers is the most frequent management task that adds information about new providers and their portlets to the portlet repository. Portlet developers typically submit setup instructions that include registration details about the provider.
• You can update registration details of the existing providers in the portlet repository. For example, you can change the provider’s display name or timeout message, or you can change access to the provider for portal users.
• When there are changes in the provider implementation (for example, a new portlet has been added to the provider), you need to refresh the provider registration information in the portlet repository. You can perform this task in two ways: refresh an individual provider or refresh the entire portlet repository. Refreshing an individual provider is cheaper and requires less time. In this case, the portal contacts the provider and updates the list of the provider’s portlets in the portlet repository. Refreshing the entire portlet repository updates information about all providers that are registered in the portlet repository.


This task may take a long time depending on the size of the portlet repository and should be performed when the load on the OracleAS Portal instance is minimal. During this task, the portal contacts all the registered providers and updates their registration information in the portlet repository.
• You can customize the display of the portlet repository by organizing the Portlet Repository page group content to make it easier for the portal users to locate required portlets. For example, if you have many portlets that relate to a sales theme, you could create a page called Sales within the Portlet Repository page group, and move portlet items from their original pages to the Sales page.
• You can secure access to the portlet repository by granting access to pages and portlet items of the Portlet Repository page group. Portal users may see a different list of available portlets in the Add Portlets page depending on their privileges in the Portlet Repository page group.


Registering a Provider
When you register the provider, OracleAS Portal:
• Contacts the provider for its registration information
• Saves the provider registration information in the portlet repository
• Grants the Manage privilege on the provider to the user who registers the provider
• Sets the provider status to ONLINE


When you register a new provider, you define the provider connection information that specifies how the provider can be contacted by the portal. There are two types of providers that you can register with OracleAS Portal: Web and database. In either case, you need to provide the portal with the name and location of the provider code. For example, for a Web provider you specify the provider URL and for a database provider you specify a database schema and PL/SQL package name.

The provider returns registration information to the portal, which includes the list of the provider portlets and their attributes (for example, default values for the portlet parameters). During its registration, the provider may also perform provider-level initializations. For example, the provider can load error messages and strings that are used in its portlets into the portal repository.

The portal saves the provider registration information in the portlet repository, creates a new page in the Portlet Repository page group, and adds portlet items for each of the provider portlets to that page. Finally, the portal grants the Manage privilege on the provider to the user who registers the provider and sets the provider status to ONLINE.

Updating the Provider Registration Information
Use the Remote Providers portlet to:
• Change the display name of the provider
• Update connection information of the provider
• Grant and change access to the provider
• Change the provider status
• Clear the Web Cache entries for the provider


The Remote Registration portlet enables you to update registration information of a previously registered provider in the portlet repository. You can either enter the provider name in the Name field or select the provider from the pop-up list that is displayed when you click the List icon next to the Name field. By clicking the Edit button, you open the Edit Provider Registration page that has three tabs on which you can make the following changes:
• Main tab: Enables you to change the display name of the provider. You can also enter information about how long to wait for a response from the provider.
• Connection tab: Enables you to edit the connection information of the provider.
• Access tab: Enables you to control security of the provider by granting access to the provider to portal users and groups. You can also take a provider offline when the provider is temporarily unavailable. If the provider is offline, the portal will not contact the provider until the provider comes back online. In the Cache Invalidation section, you can clear the Web Cache entries for the provider. This is required if you have changed the privileges for the provider, to make sure that those changes are effective immediately.


Organizing the Portlet Repository Page Group
Organize the Portlet Repository page group as needed by:
• Creating standard pages
• Moving portlet items between pages
• Rearranging portlet items on the page
• Editing the Portlet Repository style
• Editing the Portlet Repository template


Organizing the Portlet Repository Page Group
After the installation, the Portlet Repository page group consists of pages that display information about portlets that are shipped with OracleAS Portal (for example, the administrative portlets). When you register a new provider, a new portal page is created under the Portlet Staging Area page in the Portlet Repository page group. The new page’s name is the same as the provider’s display name; the new page also contains portlet items for each of the provider’s portlets.

You can organize the content of the Portlet Repository page group to help portal users browse the portlet repository more easily, or you can apply a corporate look and feel style to the portlet repository pages. For example, you can create additional pages within it, rearrange portlet items on pages in the portlet repository, move portlet items between pages within the portlet repository, change the appearance of the portlet repository by editing the portlet repository style, or change the layout of all the pages in the portlet repository by editing the layout of the Portlet Repository page template.


Securing the Portlet Repository Page Group
Secure Portlet Repository pages

Secure individual portlets

Securing the Portlet Repository Page Group
Users are allowed to see only those providers and portlets that they have the necessary privileges to view. In addition to controlling access to providers by editing their registration information, you can also secure information about available portlets by controlling user access to the Portlet Repository page group. In particular, you can control which users may see pages in the Portlet Repository page group. This is done by granting privileges in the Access Settings section of the Access tab for the portlet repository pages.

You can also control security at the portlet level, which controls who can see the portlet on a page. This can be done by editing the portlet item access privileges in the portlet repository on the Access tab of the Edit Portlet page.


Invalidating the Portlet Cache
Invalidate the portlet content in the Web Cache when you change access to the portlet.


Invalidating a Portlet in Cache
If you change a user or a group’s privileges on a portlet, and that user or a member of that group has already accessed the portlet and the portlet has been cached, then your changes may not take effect immediately. To make sure that your changes take effect immediately, you must clear the portlet content cached in the Web Cache as follows:
1. Navigate to a portlet repository page that contains the portlet item, and open the page in the Edit mode.
2. Locate the portlet item on the page and open the portlet item properties by clicking the Edit Item icon next to the portlet item display name.
3. Open the Access tab and click the Clear Cache link in the Cache Invalidation section.


Refreshing the Portlet Repository and Individual Providers
• Updates registration information about providers and their portlets
• Updates the Portlet Repository page group
• Invalidates cache entries in the Web Cache for pages that contain updated portlets
[Slide figure labels: Refreshing the portlet repository; Refreshing individual providers]

Refreshing the Portlet Repository
The Portlet Repository portlet enables you to display the portlet repository, refresh the portlet repository, and view the portlet repository refresh log. When you refresh the portlet repository, registration information about providers and their portlets in the portlet repository is updated. The process of updating a provider in the portlet repository involves creating portlet items for each new portlet along with the portlet translations. Exceptions raised during the refresh process are captured in the Refresh Log. The pages that contain updated portlets have their page caches invalidated.


Exporting and Importing Objects in OracleAS Portal
• Use Export/Import utilities to:
– Support staging content on one or more OracleAS Portal development instances for deployment to OracleAS Portal production instances
– Consolidate multiple OracleAS Portal instances
– Deploy identical content across multiple OracleAS Portal instances
• Perform Export/Import process between source and target OracleAS Portal instances of the same version


Exporting and Importing Objects in OracleAS Portal
OracleAS Portal provides a set of export/import utilities that enable you to migrate portal content between different OracleAS Portal instances. A typical example where these utilities would be used is to copy or update portal objects between a development instance and a production instance of OracleAS Portal.

Export/import utilities are also useful for consolidating multiple OracleAS Portal instances. Consolidation may be driven by a need to reduce the number of active instances or other business considerations. For example, you may wish to merge your multiple OracleAS Portal instances to a single OracleAS Portal instance.

Another possible example is deploying identical content across multiple OracleAS Portal instances. In this case, the OracleAS Portal objects could be created in one instance and propagated to multiple instances using the export/import utilities.

Note: You can obtain additional information on the OracleAS Portal export/import utilities from the OracleAS Portal Release 9.0.4: Export and Import Utilities eStudy.


Exporting and Importing Objects in OracleAS Portal
[Diagram labels. Source OracleAS Portal Instance: Portal objects, Saved transport set, Exported transport set, Export/import script (-mode=export), Dump file. FTP transfer. Target OracleAS Portal Instance: Dump file, Export/import script (-mode=import), Imported transport set, Portal objects.]


Exporting and Importing Objects in OracleAS Portal (continued)
The export and import process is a multistep process that you perform using the OracleAS Portal user interface and a set of command-line scripts:
1. In the source OracleAS Portal instance, create a transport set and populate it with the list of portal objects that you want to export to the target OracleAS Portal instance.
2. Export the transport set and generate the export/import script. During this step, portal objects that are listed in the transport set are copied into the transport tables in the source OracleAS Portal instance.
3. Execute the export/import script in the EXPORT mode (-mode=export) to create a dump (.dmp) file that contains the transport set. The export/import script uses the exp database utility to export data from the transport tables.
4. Transfer the export/import script and the export dump file to a machine that hosts the target OracleAS Portal instance.
5. Import the transport set from the dump file by executing the export/import script in the IMPORT mode (-mode=import). The export/import script uses the imp database utility to import data to the transport tables in the target OracleAS Portal instance.
6. In the target OracleAS Portal instance, merge portal objects from the transport set using the Export/Import Transport Set portlet.

Creating a New Transport Set
1. In the Navigator, select a portal object and click the Export action.
2. Enter a meaningful title for the transport set.
3. Save the transport set for future editing or export the transport set.

[Slide figure labels: Saved transport set; Exported transport set]

Creating a New Transport Set
To create a transport set, open the Portal Navigator, select a portal object that you want to export, and click the Export action for this object. The top-level portal objects to export are page groups and providers. To export an individual object, such as a category, a style, or a perspective, the object’s page group must already exist on the target OracleAS Portal instance. For this reason, the first export performed should migrate the entire page group from the source OracleAS Portal instance to the target OracleAS Portal instance.

When exporting page groups, all objects within the page group as well as referenced shared objects are exported. This includes pages, categories, perspectives, styles, custom types, Web providers, and access control lists associated with the page group. During the migration of the Web provider metadata, OracleAS Portal will attempt to register the provider and its portlets. If the provider cannot be contacted during registration, then the provider will not be migrated and a message is written to the import log file.

At the end of the creation process, you can immediately export the transport set to a file, or you can save the transport set to edit and export it at a later time.


Editing a Saved Transport Set
• To edit a saved transport set from the Export/Import Transport Set portlet:
– Select a transport set from the list of available saved transport sets
– Use the wizard-based interface to:
   - Modify the security of portal objects in the set
   - Remove nonrequired portal objects from the set
• Add new portal objects to the set by selecting the Add to An Existing Transport Set option of the Export action from the Portal Navigator


Editing a Saved Transport Set
You can edit a saved transport set by adding or removing portal objects, changing the name, and changing the security options before exporting the transport set. To edit the transport set, you select the required set from the list of available transport sets in the Export/Import Transport Set portlet and click Edit. A wizard-based interface enables you to include the security of the portal objects included in the set, as well as remove those objects that are not required. To add a new portal object to the existing set, you choose the portal object from the Portal Navigator and select the corresponding option of the Export action.


Exporting a Transport Set
Steps to export a transport set:
1. Select a transport set from the list of available saved transport sets.
2. Export the transport set.
3. View the export log output.
4. Download the export/import script.
5. Run the script in the EXPORT mode to generate a dump file.
expimp.csh -mode EXPORT -d mycompany_portal.dmp -c infra_db -s portal -p fs61qat9


Exporting a Transport Set
After a transport set is ready to export, you perform the following steps:
1. Select the transport set from the list of available saved transport sets.
2. Export the selected set by clicking Export Now in the Edit Transport Set Wizard. After the set is exported, the transport set is considered complete and cannot be edited anymore.
3. When the export completes, the portal objects become available for migration. Review the export log for errors that may occur during the export.
4. OracleAS Portal uses the exp and imp database utilities in this migration. The wizard provides you with the export/import scripts for performing this operation from a UNIX shell or a Windows NT command window. Download the script relevant to your source and target operating system.
5. Run the export/import script in the EXPORT mode to generate a dump file that contains the transport set ready for migration. The following parameters should be defined to run the script:
   – -mode defines the export/import script mode. This parameter must be set to EXPORT.
   – -d defines the name of the dump file.
   – -c defines the connect string to the database that contains the source OracleAS Portal instance.
   – -s defines the name of the OracleAS Portal product schema. In a typical installation, this is the portal schema.
   – -p defines the password for the OracleAS Portal product schema. The password is randomized and can be extracted from OID.


Importing the Transport Set
1. Run the script in the IMPORT mode to load the dump file into the target OracleAS Portal instance.
expimp.csh -mode IMPORT -d mycompany_portal.dmp -company mycompany -c infra_db -s portal -p fs61qat9 -pu mc_admin -pp mc123

2. Select the transport set from the list of transport sets ready for import.
3. Select the import mode.
4. Import the transport set.
5. Analyze the import log for possible errors.

Importing the Transport Set
After you transfer the export/import script and the dump file to the target machine, take the following steps:
1. Run the export/import script in the IMPORT mode. This loads the dump file into the target portal repository using the IMP database utility. The following parameters should be defined to run the script:
   – -mode defines the export/import script mode. This parameter must be set to IMPORT.
   – -d defines the name of the dump file.
   – -company defines a company name in a configuration that provides a hosted environment. The default value is NONE.
   – -c defines the connect string to the database that contains the target OracleAS Portal instance.
   – -s defines the name of the OracleAS Portal product schema. In a typical installation, this is the portal schema.
   – -p defines the password for the OracleAS Portal product schema. The password is randomized and can be extracted from OID.
   – -pu defines the name of a portal user to log on to the target OracleAS Portal instance.
   – -pp defines the password for the portal user defined by the -pu parameter.
2. Log in to the target OracleAS Portal instance as a portal administrator, navigate to the Administer tab of the Builder page, select the imported transport set from the list of transport sets ready for import in the Export/Import Transport Set portlet, and click Import.
3. Before starting the import, the Import Transport Set Wizard enables you to set the import mode. There are three import modes available. In the Overwrite mode, existing objects with the same names as objects in the transport set are overwritten. If you want to ignore warnings raised during the import, then select Ignore Warnings During Import. This isolates objects that prompt errors and allows the import of successful objects. It is a good idea to initially run the import in Check-only mode. This allows you to view potential conflicts, warnings, or errors before changes are made in the target portal node. This also provides information on which objects will be overwritten or reused. From this you can decide whether to run the import in Overwrite mode or not.
4. Start the import and periodically check on the process by viewing the import log. When finished, analyze the log file for possible errors.
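Both script modes take the schema password (-p), and IMPORT also the portal user password (-pp), as command-line arguments, so the command lines themselves become sensitive once they are copied into runbooks, tickets, or logs. The following Python helper is an added example, not part of the Oracle scripts: it checks a command line against the parameter lists given above for each mode and produces a copy with the password values masked. Treating -company as optional (because a default is stated) and accepting the -mode=export spelling from the diagram are assumptions of this example.

```python
"""Check and redact expimp command lines before they are recorded anywhere."""
import shlex

# Parameters the guide lists for each script mode.
REQUIRED = {
    "EXPORT": {"-mode", "-d", "-c", "-s", "-p"},
    "IMPORT": {"-mode", "-d", "-c", "-s", "-p", "-pu", "-pp"},
}
# Assumption: -company is optional because the guide states a default (NONE).
OPTIONAL = {"EXPORT": set(), "IMPORT": {"-company"}}
SECRET_FLAGS = {"-p", "-pp"}  # schema password, portal user password
MASK = "********"

# Command lines as shown on the slides (sample values from the guide).
EXPORT_CMD = ("expimp.csh -mode EXPORT -d mycompany_portal.dmp "
              "-c infra_db -s portal -p fs61qat9")
IMPORT_CMD = ("expimp.csh -mode IMPORT -d mycompany_portal.dmp "
              "-company mycompany -c infra_db -s portal -p fs61qat9 "
              "-pu mc_admin -pp mc123")


def parse_command(line):
    """Split 'script -flag value ...' into (script, {flag: value})."""
    tokens = shlex.split(line)
    if not tokens:
        raise ValueError("empty command line")
    script, rest = tokens[0], tokens[1:]
    params = {}
    i = 0
    while i < len(rest):
        token = rest[i]
        if not token.startswith("-"):
            raise ValueError("expected a -flag, got %r" % token)
        if "=" in token:
            # The -mode=export spelling used in the diagram.
            flag, value = token.split("=", 1)
            i += 1
        else:
            flag = token
            # A password may begin with '-', so only non-secret flags are
            # checked for a value that looks like the next flag.
            missing = i + 1 >= len(rest) or (
                flag not in SECRET_FLAGS and rest[i + 1].startswith("-"))
            if missing:
                raise ValueError("flag %s has no value" % flag)
            value = rest[i + 1]
            i += 2
        if flag in params:
            raise ValueError("flag %s given twice" % flag)
        params[flag] = value
    return script, params


def check_command(line):
    """Return a list of problems with the parameter set (empty means OK)."""
    _, params = parse_command(line)
    mode = params.get("-mode", "").upper()
    if mode not in REQUIRED:
        return ["-mode must be EXPORT or IMPORT, got %r" % params.get("-mode")]
    given = set(params)
    problems = []
    for flag in sorted(REQUIRED[mode] - given):
        problems.append("missing %s for %s mode" % (flag, mode))
    for flag in sorted(given - REQUIRED[mode] - OPTIONAL[mode]):
        problems.append("unexpected %s in %s mode" % (flag, mode))
    return problems


def redact(line):
    """Rebuild the command line with every password value masked."""
    script, params = parse_command(line)
    parts = [script]
    for flag, value in params.items():
        parts += [flag, MASK if flag in SECRET_FLAGS else shlex.quote(value)]
    return " ".join(parts)


if __name__ == "__main__":
    for cmd in (EXPORT_CMD, IMPORT_CMD):
        print(check_command(cmd) or "OK", "|", redact(cmd))
```

Masking only protects the recorded copy; the password is still passed as an argument when the script itself runs.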


Browsing Transport Sets
• View the status of the transport sets in the OracleAS Portal instance.
• View the log of import and export actions.
• Delete transport sets from the OracleAS Portal instance.


Browsing Transport Sets
In addition to creating, editing, exporting, and importing transport scripts, you can also view the list of transport sets existing in the OracleAS Portal instance and check their current status. By clicking the appropriate links, you can also view the log of actions, view referenced objects, and download export/import scripts for transport sets with a status of Export Complete. Additionally, you can delete transport sets from the system or reuse a transport set.


Summary
In this lesson, you should have learned how to:
• Describe OracleAS Portal administrative services
• Describe tools to monitor the OracleAS Portal instance
• Manage OracleAS Portal users and groups
• List OracleAS Portal schemas
• Administer the Portlet repository
• Perform export and import of portal content


Summary
In this lesson, you should have learned about OracleAS Portal administrative services that you as a portal administrator can use to perform monitoring of the OracleAS Portal instance. You should also have learned to perform basic administration tasks, such as managing OracleAS Portal schemas, users, and groups, and administering the portlet repository that stores information about providers and portlets in the OracleAS Portal instance. Finally, you should have learned how to migrate your portal content using the OracleAS Portal export/import utilities.


Configuring OracleAS Portal


Objectives
After completing this lesson, you should be able to do the following:
• Describe OracleAS Portal configuration tasks
• Configure the Self-Registration feature to enable users to create their own portal accounts
• Configure OracleAS Portal for WebDAV
• List the configuration modes of the Oracle Portal Configuration Assistant (OPCA)
• Configure Language support
• Configure the OracleAS Portal instance dependencies by using the Portal Dependency Setting file

Objectives
OracleAS Portal is installed as part of the Oracle Application Server. In this lesson, you learn to perform basic configuration tasks, such as configuring the self-registration feature, installing additional languages, and configuring the portal to work with WebDAV. You also learn to configure the OracleAS Portal instance by using the Portal Dependency Settings tool and the Oracle Portal Configuration Assistant (OPCA).


OracleAS Portal Configuration Tasks: Overview
OracleAS Portal configuration tasks include:
• Setting up self-registration and search features
• Configuring language and mobile support
• Configuring OraDAV support for OracleAS Portal access
• Relinking the OracleAS Portal instance with other Oracle Application Server components


OracleAS Portal Configuration Tasks: Overview
The OracleAS Portal framework provides administrative services that enable you to perform configuration tasks after the installation is complete. For example, these tasks may include:
• Setting up the self-registration and search features
• Configuring language and mobile support
• Configuring OraDAV support for OracleAS Portal access
• Relinking the OracleAS Portal instance with other Oracle Application Server components

As with the administrative services, to perform most of the configuration tasks you use the administrative user interface in OracleAS Portal and Oracle Application Server Control, or configuration scripts that are copied into the Oracle Home directory of the middle tier during the installation of Oracle Application Server that includes OracleAS Portal.

For further details about setting up the search feature and configuring the mobile support, refer to the Oracle Application Server Portal Configuration Guide.


Self-Registration Feature in OracleAS Portal

[Diagram: self-registration flow with callouts 1 to 4. Labels: Portal user; Account Details (User name, Password, …); Approval required (yes/no); Portal administrator; OID; PR.]

Self-Registration Feature in OracleAS Portal
One of the features that you as a portal administrator may want to implement is to enable end users to create their own portal accounts. The diagram on the slide shows the flow of actions when a public user requests a portal account:
1. The user opens a portal page that contains the Login portlet and clicks the Create New Account link.
2. The Self-Registration form is displayed. The user enters the preferred username, password, and e-mail address, and optional personal information, such as first name, last name, and work phone.
3. Depending on whether the user request requires an approval or not, a portal account can be created immediately after the request submission or the request is sent to the portal administrator for approval. If the portal administrator approves the request, the portal account is created and the user can log on to the portal. If the portal administrator rejects the user request, then the user is denied access to the portal. The user is always notified by e-mail when the request is approved or rejected.
4. The user logs on to the portal using his or her username and password.


Configuring the Self-Registration Feature in OracleAS Portal


Configuring Self-Registration Feature in OracleAS Portal
To configure the self-registration feature in the OracleAS Portal instance:
1. Click the Global Settings link in the Services portlet. A tabbed page is displayed.
2. Find the Self-Registration Options section in the Main tab and enable the feature by selecting the corresponding check box. If you decide that the user’s request should be approved, then you select the Approval Required option to establish the approval process. If no approval is required, then the user can log in to the portal immediately after registering.
3. If you choose the Approval Required option, enter a host name and port in the EMail (SMTP) Host section, so that when the account has been approved or rejected, the user is notified via e-mail.
4. Confirm your changes by clicking OK.


Enabling the Self-Registration Feature in the Login Portlet
Edit the default settings of the Login portlet to:
• Enable the self-registration feature link
• Define text and URL of the self-registration link


Enabling the Self-Registration Feature in the Login Portlet
After you configure the self-registration feature in the OracleAS Portal instance, the self-registration link can be exposed in the Login portlet, which requires additional configuration steps on the portlet instance level. Typically, for a production portal that is imported into the OracleAS Portal instance, these configuration steps are done by the page designer who builds the portal. As a portal administrator, you may also want to add another instance of the Login portlet to a page accessible by a public user and enable the self-registration link in that portlet. To accomplish this, you need to edit the Login portlet default settings as follows:
• Enable the Self-Registration feature in the portlet.
• Optionally, change the link text and the URL for the Self-Registration form if you are not using the standard UI provided by OracleAS Portal.


OraDAV Architecture
• WebDAV is a protocol extension to HTTP 1.1 that supports distributed authoring and versioning.
• OraDAV extends implementation of WebDAV to support connections to an Oracle database.
[Diagram labels: WebDAV client; Oracle HTTP Server; mod_dav; moddav.conf; File system; mod_oradav; oradav.conf; OraDAV driver; OracleAS Portal]

OraDAV Architecture
Web-based Distributed Authoring and Versioning, or WebDAV, is a protocol extension to HTTP 1.1 that supports Web-based collaboration. With WebDAV, the Internet becomes a transparent read and write medium, where content can be checked out, edited, and checked in to a URL address.

mod_dav is Apache’s native implementation of WebDAV that supports read and write access to local files. The mod_oradav module for the Oracle HTTP Server extends implementation of mod_dav to support connections to an Oracle database to read and write content, and query and lock documents in various schemas. The Oracle database must have an OraDAV driver installed. mod_oradav calls this driver to map WebDAV activity to database activity.

When Oracle Application Server is installed, all the required OraDAV parameters are set with values that are designed to enable Oracle database content to be accessed through a Web browser or WebDAV client. If the default values do not meet your needs, you can modify the values for required parameters and specify values for optional parameters.


Configuring OraDAV Support for OracleAS Portal Access
Parameters in the oradav.conf file specify:
• DB connection (required)
• OraDAV driver (required)
• Other

<Location /dav_portal/portal>
DAV Oracle
DAVParam ORASERVICE cn=iasdb,cn=oraclecontext
DAVParam ORAUSER portal
DAVParam ORACRYPTPASSWORD BQtXpWPMeBG29ifH3Mrw7mQrOtqk0utDvw==
DAVParam ORAPACKAGENAME portal_schema.wwdav_api_driver
</Location>


Configuring OraDAV Support for OracleAS Portal Access
The OraDAV configuration parameters are stored in the oradav.conf file and start with DAV and DAVParam. These parameters are specified within a <Location> directive. The oradav.conf file is included in the oracle_apache.conf file, which is, in turn, included in the httpd.conf file. In a typical installation of the Oracle Application Server, the oradav.conf file is located in the $ORACLE_HOME/Apache/oradav/conf directory.

After OracleAS Portal has been installed, the oradav.conf file is populated with a <Location> directive which points to the portal schema. By default, the OracleAS Portal DAV URL is http://hostname:port/dav_portal/portal. This URL enables WebDAV clients, such as Microsoft Web folders, to access portal data.

You can configure mod_oradav by using the Application Server Control, which is the recommended way, or manually, by editing the oradav.conf file. To make the changes effective, you must restart Oracle HTTP Server.
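When oradav.conf is edited by hand, it is worth checking each OraDAV <Location> block before restarting Oracle HTTP Server. The following Python check is an added example, not Oracle's code: it parses the <Location> blocks and reports any "DAV Oracle" location that lacks the connection, user, password, or driver parameters shown on the slide. ORACONNECT and ORAPASSWORD are parameter names assumed here (they do not appear on this page), and the sample configuration is constructed.

```python
"""Audit the OraDAV <Location> blocks of an oradav.conf file."""
import re

LOCATION_OPEN = re.compile(r"<Location\s+([^>\s]+)\s*>", re.IGNORECASE)
LOCATION_CLOSE = re.compile(r"</Location\s*>", re.IGNORECASE)

# ORASERVICE is the connection parameter on the slide; ORACONNECT is an
# assumed alternative that does not appear on this page.
CONNECT_PARAMS = {"ORASERVICE", "ORACONNECT"}
# Assumed name of a clear-text counterpart to ORACRYPTPASSWORD.
CLEAR_PASSWORD = "ORAPASSWORD"

# Constructed sample: the slide's block (password replaced by a placeholder),
# a block with two problems, and a plain mod_dav file-system location.
SAMPLE = """\
<Location /dav_portal/portal>
    DAV Oracle
    DAVParam ORASERVICE cn=iasdb,cn=oraclecontext
    DAVParam ORAUSER portal
    DAVParam ORACRYPTPASSWORD CONSTRUCTED-OBFUSCATED-VALUE
    DAVParam ORAPACKAGENAME portal_schema.wwdav_api_driver
</Location>
# constructed block: clear-text password, no driver package
<Location /dav_test>
    DAV Oracle
    DAVParam ORACONNECT dbhost.example.com:1521:testdb
    DAVParam ORAUSER test_schema
    DAVParam ORAPASSWORD constructed-clear-text
</Location>
<Location /dav_public>
    DAV On
</Location>
"""


def parse_locations(text):
    """Return one dict per <Location> block: path, DAV provider, DAVParams."""
    locations = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = LOCATION_OPEN.fullmatch(line)
        if opened:
            current = {"path": opened.group(1), "dav": None, "params": {}}
            continue
        if LOCATION_CLOSE.fullmatch(line):
            if current is not None:
                locations.append(current)
            current = None
            continue
        if current is None:
            continue  # directive outside any <Location> block
        words = line.split(None, 2)
        keyword = words[0].lower()  # directive names are case-insensitive
        if keyword == "dav" and len(words) >= 2:
            current["dav"] = words[1]
        elif keyword == "davparam" and len(words) == 3:
            current["params"][words[1].upper()] = words[2]
    return locations


def audit(text):
    """Return (location path, finding) pairs for 'DAV Oracle' locations."""
    findings = []
    for loc in parse_locations(text):
        if (loc["dav"] or "").lower() != "oracle":
            continue  # not an OraDAV location
        path, params = loc["path"], loc["params"]
        if not CONNECT_PARAMS & set(params):
            findings.append((path, "no database connection parameter"))
        for name in ("ORAUSER", "ORAPACKAGENAME"):
            if name not in params:
                findings.append((path, "missing " + name))
        if CLEAR_PASSWORD in params:
            findings.append((path, "clear-text ORAPASSWORD present"))
        elif "ORACRYPTPASSWORD" not in params:
            findings.append((path, "no password parameter"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(path + ": " + finding)
```

The findings name only the parameter, never its value, so the output can be kept with change records.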


OracleAS Portal Configuration Assistant: Overview
OracleAS Portal Configuration Assistant (OPCA):
• Is a Java tool for configuring OracleAS Portal
• Is invoked by the Oracle Universal Installer (OUI) in the post installation phase
• Can be invoked as ptlasst script from the $IAS_HOME/assistants/opca directory in the stand-alone mode


OracleAS Portal Configuration Assistant: Overview
The OracleAS Portal supports a wide variety of topologies and configuration options. Factors that determine how to configure OracleAS Portal depend on the intended purpose, its local network environment, the anticipated load, and how it is accessed by users.

Oracle Portal Configuration Assistant (OPCA), a Java configuration tool, is used for configuring OracleAS Portal. In a typical OracleAS installation that includes OracleAS Portal, OPCA is invoked by the Oracle Universal Installer in the post installation phase. You can also invoke this tool in the stand-alone mode by running the ptlasst script.


Linking an OracleAS Portal Instance
The MIDTIER mode of the OPCA enables you to link an OracleAS Portal instance with other OracleAS components.
[Diagram labels: Middle-tier; OHS; Web cache; Wireless; Metadata repository; OracleAS Portal repository; Identity management; SSO Server, OID; Registration information]

Linking an OracleAS Portal Instance
The MIDTIER mode of the OPCA enables you to link an existing or newly installed OracleAS Portal instance with other Oracle Application Server components, such as Oracle HTTP Server (OHS), OracleAS Single Sign-On server (SSO), Oracle Internet Directory (OID), OracleAS Web Cache, and OracleAS Wireless. All the components must be properly installed and running. You also need to have Data Access Descriptors (DADs) created for accessing the OracleAS Portal from the middle tier.

The MIDTIER mode of the OPCA supports atomic transactions with the -type option. The different types that are supported in the MIDTIER mode are:
• ALL: Performs the complete association of the middle-tier components with the OracleAS Portal instance. The type is the superset of the OID, SSO, OHS and WEBCACHE types.
• OID: Performs only the OracleAS Portal - OID association. This type is used if changes are required in the portal because of changes in the OID component; for example, changes in the OID host, port, or protocol.
• SSO: Performs only the OracleAS Portal - SSO association. This type is used if changes are required in the OracleAS Portal because of changes in the SSO component; for example, changes in the SSO host, port, or protocol.
• OHS: Performs only the OracleAS Portal - OHS association. The type is the superset of the SSO and WEBCACHE types. This type is used if changes are required in the portal because of changes in the Oracle HTTP Server component; for example, changes in the Oracle HTTP Server host, port, or protocol.
• WEBCACHE: Performs only the OracleAS Portal - Web cache association. This type is used if changes are required in the portal because of changes in the OracleAS Web Cache component; for example, changes in the Web cache invalidation port, invalidation password, and administration port.
• DIPREG: Creates the provisioning profile in OID. The provisioning profile defines a list of specified events in the directory to which OracleAS Portal is subscribed (for example, user and group deletion). The profile is normally created during the installation of the OracleAS Portal.
• DIPUNREG: Deletes the provisioning profile in OID.

Note: For a complete list of parameters for each type of the MIDTIER mode, refer to the OracleAS Portal Configuration Guide, Appendix B “Using the OracleAS Portal Configuration Assistant.”


Configuring Language Support
• OracleAS Portal supports 29 languages.
• OPCA installs supported languages in the OracleAS Portal repository in the LANGUAGE mode.
Note: Run the script for each language that you want to install.
ptlasst.csh -mode LANGUAGE -i custom -c infra.mycompany.com:1521:iasdb -s portal -sp fs61qat9 -lang f -available
[Slide callouts: Portal DB parameters (-c, -s, -sp); Language parameters (-lang, -available)]


Configuring Language Support OracleAS Portal is translated into 29 languages. This allows developers to work in their own language when they build portals. In addition, the self-service content management supports multiple languages so that end users can provide documents and other content in different languages. Those who view the content can see the version that corresponds to the language they have selected in the Set Language portlet. To install languages into your OracleAS Portal instance, run OPCA in the LANGUAGE mode. Note that you must run the script with for each language that you want the OracleAS Portal to support. The following parameters should be defined to run the script: • General parameters: - -mode defines the OPCA mode. This parameter must be set to LANGUAGE. - -i defines how the way the OPCA gets parameter values. When set to TYPICAL, the OPCA uses the values defined during the installation of OracleAS Portal. CUSTOM setting makes the OPCA accept values provided in the command line.

Oracle Application Server 10g: Administration - I 12-12

Configuring Language Support (continued)
• Portal DB parameters:
  - -c defines the connect string to the database that contains the Metadata Repository used by OracleAS Portal.
  - -s defines the database schema in which the portal repository is stored. In a typical installation this is the portal schema.
  - -sp defines the database password for the portal schema. The password is randomized and can be extracted from OID.
• Language parameters:
  - -lang defines the abbreviation of the language to install. For example, f for French. Note: For a complete list of supported languages, refer to the OracleAS Portal Configuration Guide, Appendix B “Using the OracleAS Portal Configuration Assistant.”
  - -available indicates that the language will be available for user translations immediately after installation.

Setting Language for a Portal Session
The Set Language portlet enables you to select:
• Language for the current portal session
• Territory for the selected language to determine localizations, such as date, currency, and decimal formats (only if enabled by the page designer)

Setting Language for a Portal Session
Once installed, the language can be set as a preferred language for a portal session. OracleAS Portal provides the Set Language portlet that displays a list of installed languages in the form of links. You set the language for the portal session by clicking the corresponding link. The current session language is shown as a highlighted link in the Set Language portlet.
In addition to selecting a preferred language for a portal session, users may be able to choose the territory to use for their portal session. The territory selection is typically enabled by the page designer by setting the default properties of the Set Language portlet and, therefore, does not require additional configuration from the portal administrator. Choosing a territory determines localization settings such as date, currency, and decimal formats. The territories are displayed as a list of links in a separate section of the portlet. If you do not select this check box, the territory defaults to the most common for the chosen language. The list of territories offered to users depends on the language they choose.
The database in which OracleAS Portal is installed should be created with Unicode (UTF8) as the character set in order to support multiple languages.

Configuring OracleAS Portal Dependencies
• OracleAS Portal stores its dependencies on Oracle Application Server components in the Portal Dependency Setting file, the iasconfig.xml file.
• The Portal Dependency Setting file is located in the $ORACLE_HOME/portal/conf directory on the middle-tier machine.
• The Portal Dependency Setting tool, the ptlconfig script, updates the OracleAS Metadata Repository with current settings in the iasconfig.xml file.

Configuring OracleAS Portal Dependencies
OracleAS Portal is dependent on some of the Oracle Application Server components, for instance OracleAS Web Cache and Oracle Internet Directory. It is important that you understand these dependencies, as it may be necessary to fine-tune or configure these components after OracleAS is installed. To simplify configuration changes, OracleAS Portal introduces the Portal Dependency Settings file. This file stores configuration data from all the dependent components in a central place, and the content of the file is updated when there are configuration changes. You can use the Portal Dependency Settings file to:
• Check settings used by an OracleAS Portal instance
• Update settings in the OracleAS Metadata Repository
The name of the Portal Dependency Settings file is iasconfig.xml, and it is located by default in $ORACLE_HOME/portal/conf, where $ORACLE_HOME is the OracleAS middle-tier home directory. To update the OracleAS Metadata Repository with configuration settings in the iasconfig.xml file, you use the Portal Dependency Settings tool, the ptlconfig script located in the same directory.

The Portal Dependency Setting File
The iasconfig.xml file structure:
[Figure: element hierarchy of iasconfig.xml. Elements shown: iASConfig, iASFarm, iASInstance, PortalInstance, WebCacheComponent, OIDComponent, SSOComponent, WebCacheDependency, OIDDependency, SSODependency.]

The Portal Dependency Setting File
The Portal Dependency Settings file is an XML file made up of a number of elements that describe the settings of specific Oracle Application Server components and the dependencies OracleAS Portal instances have on them. The Portal Dependency Settings file definition is modeled in the schema file iasconfig.xsd, which is located in the $ORACLE_HOME/portal/conf directory. For a complete list of element descriptions used in the Portal Dependency Settings file, refer to the OracleAS Portal Configuration Guide, Appendix A “Using the Portal Dependency Settings file.”

The Portal Dependency Setting File (continued)
Example of the iasconfig.xml file:
<IASConfig XSDVersion="1.0">
  <IASInstance Name="904_MT.midtier.mycompany.com" Host="midtier.mycompany.com"
      OracleHome="/oracle/ias904_M14_mt" Version="9.0.4">
    <OIDComponent AdminPassword="@BcMx8abEY5+GitLu7LdrhWOPd5bDlGQ==" AdminDN="cn=orcladmin"
        SSLEnabled="false" LDAPPort="3060"/>
    <WebCacheComponent AdminPort="4000" ListenPort="7781" InvalidationPort="4001"
        InvalidationUsername="invalidator" InvalidationPassword="@BVs6wUm3xqs/SMXYov29hXlCA=="
        SSLEnabled="false"/>
    <EMComponent ConsoleHTTPPort="1813" SSLEnabled="false"/>
  </IASInstance>
  <PortalInstance DADLocation="/pls/portal" SchemaUsername="portal"
      SchemaPassword="@BWs7Sze2lNTRJgiMW2l14Gkq42HgynbMWA=="
      ConnectString="cn=orcl904,cn=oraclecontext">
    <WebCacheDependency ContainerType="IASInstance" Name="904_MT.midtier.mycompany.com"/>
    <OIDDependency ContainerType="IASInstance" Name="904_MT.midtier.mycompany.com"/>
    <EMDependency ContainerType="IASInstance" Name="904_MT.midtier.mycompany.com"/>
  </PortalInstance>
</IASConfig>
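A consistency check for this file, as an added example (not Oracle's code): it reports password attributes that are not in the "@"-prefixed form shown in the sample above, and dependencies that do not resolve to a matching component in the named container. The sample XML and all of its names and values are constructed, and reading the "@" prefix as the mark of an encrypted value is an assumption drawn from the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the iasconfig.xml example; every name and
# value is a placeholder, not data from a real installation.
SAMPLE_IASCONFIG = """
<IASConfig XSDVersion="1.0">
  <IASInstance Name="mt1.example.com" Host="mt1.example.com"
      OracleHome="/oracle/mt1" Version="9.0.4">
    <OIDComponent AdminPassword="@BCONSTRUCTEDVALUE1==" AdminDN="cn=orcladmin"
        SSLEnabled="false" LDAPPort="3060"/>
    <WebCacheComponent AdminPort="4000" ListenPort="7781" InvalidationPort="4001"
        InvalidationUsername="invalidator"
        InvalidationPassword="changeme-constructed" SSLEnabled="false"/>
  </IASInstance>
  <PortalInstance DADLocation="/pls/portal" SchemaUsername="portal"
      SchemaPassword="@BCONSTRUCTEDVALUE2==" ConnectString="cn=orcl,cn=oraclecontext">
    <WebCacheDependency ContainerType="IASInstance" Name="mt1.example.com"/>
    <OIDDependency ContainerType="IASInstance" Name="mt1.example.com"/>
    <EMDependency ContainerType="IASInstance" Name="mt1.example.com"/>
  </PortalInstance>
  <PortalInstance DADLocation="/pls/portal2" SchemaUsername="portal2"
      SchemaPassword="@BCONSTRUCTEDVALUE3==" ConnectString="cn=orcl,cn=oraclecontext">
    <OIDDependency ContainerType="IASInstance" Name="mt2.example.com"/>
  </PortalInstance>
</IASConfig>
"""


def plaintext_passwords(root):
    """Return (element, attribute) pairs whose value lacks the '@' prefix.

    Assumption: the '@' prefix marks an encrypted value, as in the sample file.
    Only names are returned, never values, so the report is safe to log.
    """
    hits = []
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            if attr.endswith("Password") and not value.startswith("@"):
                hits.append((elem.tag, attr))
    return hits


def unresolved_dependencies(root):
    """Return (DADLocation, dependency, reason) for every broken reference."""
    # Index every named container (IASInstance and the like) by tag and Name.
    containers = {
        (elem.tag, elem.get("Name")): elem
        for elem in root.iter()
        if elem.get("Name") and not elem.tag.endswith("Dependency")
    }
    problems = []
    for portal in root.iter("PortalInstance"):
        dad = portal.get("DADLocation")
        for dep in portal:
            if not dep.tag.endswith("Dependency"):
                continue
            # WebCacheDependency is satisfied by a WebCacheComponent, and so on.
            component = dep.tag[: -len("Dependency")] + "Component"
            key = (dep.get("ContainerType"), dep.get("Name"))
            container = containers.get(key)
            if container is None:
                problems.append((dad, dep.tag, "no %s named %s" % key))
            elif container.find(component) is None:
                problems.append((dad, dep.tag, "container has no " + component))
    return problems


def check(xml_text):
    """Parse the file content and return both finding lists."""
    root = ET.fromstring(xml_text.strip())
    return {
        "plaintext": plaintext_passwords(root),
        "unresolved": unresolved_dependencies(root),
    }


if __name__ == "__main__":
    report = check(SAMPLE_IASCONFIG)
    for tag, attr in report["plaintext"]:
        print("not in encrypted form: %s/@%s" % (tag, attr))
    for dad, dep, reason in report["unresolved"]:
        print("%s: %s -> %s" % (dad, dep, reason))
```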


The Portal Dependency Settings Tool
Run the ptlconfig script to:
• Update the OracleAS Metadata Repository for a specific or all Portal instances defined in the Portal Dependency Settings file
• Encrypt all plain text passwords in the Portal Dependency Settings file
• Update OracleAS Web Cache, Oracle Internet Directory, Oracle Enterprise Manager, and OracleAS Portal data, as defined in the Portal Dependency Settings file

The Portal Dependency Settings Tool
To update the OracleAS Metadata Repository with configuration settings in the iasconfig.xml file, you must use the ptlconfig script. This script can:
• Update the OracleAS Metadata Repository for a specific Portal instance defined in the Portal Dependency Settings file
• Update the OracleAS Metadata Repository for all Portal instances defined in the Portal Dependency Settings file
• Encrypt all plain text passwords in the Portal Dependency Settings file
• Update OracleAS Web Cache, Oracle Internet Directory, Oracle Enterprise Manager, and OracleAS Portal site data, as defined in the Portal Dependency Settings file
Run the ptlconfig script as follows:
ptlconfig {-all | -dad <dad>} [-wc] [-oid] [-site] [-em] | -encrypt
When you run this script, the log file ptlconfig.log, which records operations performed on the OracleAS Metadata Repository, is created in the directory $ORACLE_HOME/portal/logs.

The Portal Dependency Settings Tool (continued)
Parameters of the ptlconfig script:
• -all: Updates all OracleAS Portal instances from the Portal Dependency Settings file. Example: ptlconfig -all
• -dad: Portal DAD name. Used to update a specific OracleAS Portal instance from the Portal Dependency Settings file. Example: ptlconfig -dad portal
• -encrypt: Encrypts any plain text passwords in the Portal Dependency Settings file. Example: ptlconfig -encrypt
• -wc: Updates OracleAS Web Cache data as defined in the Portal Dependency Settings file. Example: ptlconfig -dad portal -wc
• -oid: Updates Oracle Internet Directory data as defined in the Portal Dependency Settings file. Example: ptlconfig -all -oid
• -site: Updates OracleAS Portal data (listening host and port) as defined in the Portal Dependency Settings file. Example: ptlconfig -dad portal -site
• -em: Updates Oracle Enterprise Manager data as defined in the Portal Dependency Settings file. Example: ptlconfig -all -em

Summary
In this lesson, you should have learned how to:
• Describe OracleAS Portal configuration tasks
• Configure the Self-Registration feature to enable users to create their own portal accounts
• Configure OracleAS Portal for WebDAV
• List the configuration modes of the Oracle Portal Configuration Assistant (OPCA)
• Configure Language support
• Configure the OracleAS Portal instance dependencies by using the Portal Dependency Setting file

Deploying PL/SQL and CGI Applications


Objectives
After completing this lesson, you should be able to do the following:
• Configure mod_plsql
• Create a database access descriptor (DAD)
• Define authentication for PL/SQL applications
• Use Oracle PL/SQL Server Pages (PSPs)
• Configure mod_cgi and mod_fastcgi for Common Gateway Interface scripts
• Configure mod_perl for the use of PERL
• Manage database providers and PL/SQL portlets

Overview

[Figure: Oracle HTTP Server modules mod_perl, mod_fastcgi, and mod_plsql, shown with the PERL interpreter, the OS shell, loadpsp, Oracle PSP, and the Oracle database.]

Overview
In addition to the compiled Apache modules provided with the Oracle HTTP Server, several of the standard modules have been enhanced, and Oracle-specific modules have been added. The following three modules are discussed in this lesson:
• mod_plsql: Routes PL/SQL requests to the Oracle PL/SQL service which, in turn, delegates the servicing of requests to PL/SQL programs. This module is recommended for PL/SQL program units.
• mod_perl: Forwards PERL application requests to the PERL interpreter that is embedded in the Oracle HTTP Server. The primary advantages of using mod_perl are power and speed. The embedded PERL interpreter saves the overhead of starting an external interpreter, and the code-caching feature allows the server to run code that has already been loaded and compiled.
• mod_fastcgi: Is a third-party module that supports the FastCGI protocol, which enables you to maintain a pool of running servers for CGI applications. This has the advantage of eliminating startup and initialization overhead each time a call is made to a CGI application.

The mod_plsql Module
• mod_plsql:
– Is an efficient PL/SQL interface for generating HTML – Uses standard database security features; users can be granted access to procedures but not to underlying tables through the Owner’s/Definer’s Rights Model – Enables you to reuse existing code and take advantage of in-house PL/SQL skills – Is productive; OracleAS Portal and Oracle Designer have PL/SQL generators

• If you have a lot of HTML pages, you can use Oracle PL/SQL Server Pages (PSPs) for rapid development of dynamic content.

The mod_plsql Module
mod_plsql enables Oracle Application Server to connect to an Oracle database server and execute stored procedures. Each mod_plsql request is associated with a database access descriptor (DAD), a named set of configuration values used for database access. A DAD specifies information such as:
• The database alias (Net8 service name)
• A connect string if the database is remote
• A procedure for uploading and downloading documents
The PL/SQL procedures, which are invoked from mod_plsql, can perform some operations on the database and return the results to the user, or generate dynamic HTML pages containing data from the database.
The procedure that mod_plsql invokes typically returns HTML data to the client. To simplify this task, mod_plsql comes with the PL/SQL Web Toolkit, a set of packages that you can use in your stored procedure to get information about the request, construct HTML tags, and return header information to the client. By default, the PL/SQL Web Toolkit is installed in the SYS schema. For more information about developing Web Stored Procedures, refer to the course “Oracle Application Server 10g PL/SQL Web Toolkit Reference.”

The mod_plsql Module (continued)
You can produce the same results in the following ways:
• Write an HTML page with embedded PL/SQL code and compile it as a PL/SQL server page. You can still call procedures from the PL/SQL Web Toolkit, but you do not need them to generate every line of HTML output.
• Write a complete stored procedure that produces HTML tags by calling the HTP, HTF, and OWA_* packages in the PL/SQL Web Toolkit.
The key factors in choosing between these techniques are as follows:
• If you have a large body of HTML code and want to include dynamic content or make the HTML page the front end of a database application, use PSPs.
• If you have a large body of PL/SQL code that produces formatted output, you may find it more convenient to produce HTML tags by setting your Print statements to call the HTP package of the PL/SQL Web Toolkit.

Communication Flow: The Path of HTTP Requests
[Figure: request path, steps 1 to 8, between the browser client, the OHS listener, the authorization module, and mod_plsql inside Oracle Application Server, and the Oracle database.]

Communication Flow: The Path of HTTP Requests
1. The browser sends a URL to the listener. The listener examines the URL and determines that the request is for a module; in this case, mod_plsql.
2. If authentication is required, the listener contacts an authorization module such as mod_auth or mod_ossl with the URL and browser credentials (authorization header, IP address, domain name, and SSL information).
3. The authorization module validates the request and returns the result to the required module.
4. mod_plsql uses the database access descriptor (DAD) configuration values to determine how to connect to the database.
5. mod_plsql connects to the database, prepares the call parameters, and invokes the PL/SQL procedure named in the URL request in the database.
6. The PL/SQL procedure generates an HTML page that can include dynamic data accessed from tables in the database as well as static data.
7. The output from the procedure is returned by way of the response buffer to mod_plsql.
8. The Oracle HTTP Server sends the response back to the client.

Enabling a PL/SQL Application
1. Configure the mod_plsql parameters.
2. Create a database access descriptor (DAD).
3. Restart Oracle HTTP Server.
4. Create a PL/SQL application.

mod_plsql Configuration Files
• The oracle_apache.conf file contains a reference to other mod_plsql configuration files.
• The httpd.conf file includes a reference to the oracle_apache.conf file.

[Figure: httpd.conf and oracle_apache.conf under $ORACLE_HOME/Apache/Apache/conf; plsql.conf, dads.conf, and cache.conf under $ORACLE_HOME/Apache/modplsql/conf.]

mod_plsql Configuration Files
The installation of Oracle Application Server creates configuration files that you can edit, including the following, which affect mod_plsql.
The primary Oracle HTTP Server configuration file is:
$ORACLE_HOME/Apache/Apache/conf/httpd.conf
The file httpd.conf contains an include directive for:
$ORACLE_HOME/Apache/Apache/conf/oracle_apache.conf
The file oracle_apache.conf contains an include directive for:
$ORACLE_HOME/Apache/modplsql/conf/plsql.conf
The file plsql.conf contains include directives for:
$ORACLE_HOME/Apache/modplsql/conf/dads.conf
$ORACLE_HOME/Apache/modplsql/conf/cache.conf
The configuration files are discussed in more detail in this lesson.

plsql.conf file

This file contains the main directives to load mod_plsql into the Oracle HTTP Server:
LoadModule plsql_module \
  /ias20/Apache/modplsql/bin/modplsql.so
<IfModule mod_plsql.c>
  #
  include /ias20/Apache/modplsql/conf/cache.conf
  include /ias20/Apache/modplsql/conf/dads.conf
  ...
</IfModule>

plsql.conf file
This file contains the LoadModule directive to load mod_plsql into Oracle HTTP Server, global settings for mod_plsql, and include directives for dads.conf and cache.conf. The directives are enclosed in an IfModule block to make sure that they are only applied if the module is loaded successfully.
The plsql.conf file is organized like the httpd.conf file, with different configuration sections, starting with a general section that contains directives that apply to the module in general or to all database access descriptors (DADs). A DAD is a set of values that specifies how mod_plsql connects to a database server to fulfill an HTTP request. The include directives belong to the cache or DAD setting sections, which contain information relevant only to either PL/SQL caching or DADs.

dads.conf File
• The dads.conf file contains the configuration parameters for the PL/SQL database access descriptor (DAD).
• A DAD is a set of values that specify how mod_plsql connects to a database server to fulfill an HTTP request.
<Location /pls/plsqlapp>
  SetHandler pls_handler
  ...
</Location>

dads.conf File
This file contains the configuration parameters for the PL/SQL database access descriptor (DAD). A DAD is a set of values that specifies how mod_plsql connects to a database server to fulfill an HTTP request. Besides the connection details, a DAD contains important configuration parameters for various operations in the database and for mod_plsql in general. Any Web-enabled PL/SQL application that uses the PL/SQL Web Toolkit must create a DAD to invoke the application. Some typical PL/SQL applications that require DADs are:
• Oracle Application Server Portal
• Oracle Application Server Single Sign-On
• Any Oracle Application Server PL/SQL Cartridge application

Configuring mod_plsql

An example of a typical PL/SQL application DAD:
<Location /pls/plsqlapp>
  SetHandler pls_handler
  AllowOverride None
  PlsqlDatabaseUsername scott
  PlsqlDatabasePassword tiger
  PlsqlDatabaseConnectString host:port:service
  ...
  # PlsqlAuthenticationMode Basic
</Location>

Configuring mod_plsql
This is a configuration sample provided within the dads.conf file. You can access this file by navigating from the OEM Web site to the Oracle HTTP Server home page, and then by using the Advanced Properties link at the bottom of the page. In the Advanced Properties page, you can open the dads.conf file from the Configuration Files table. You already know the <Location> container from a previous lesson and what directives are allowed. The following directives are Oracle specific:
• PlsqlDatabaseUsername: Specifies the username to use to log in to the database. This is a mandatory parameter, except for a DAD that sets PlsqlAuthenticationMode to Basic and uses dynamic authentication. For DADs using SingleSignOn as authentication mode, this parameter has to be the name of the schema owner.
• PlsqlDatabasePassword: Determines the password to use to log in to the database. This is also a mandatory parameter, except for a DAD that sets PlsqlAuthenticationMode to Basic and uses dynamic authentication. For DADs using Single Sign-On authentication, this parameter specifies the name of the schema owner.
• PlsqlDatabaseConnectString: Defines the database to which mod_plsql will connect. The following formats are allowed to specify this parameter:
  - ServiceNameFormat: HOST:PORT:SERVICE_NAME format, where HOST is the host name running the database, PORT is the port number the TNS listener is listening on, and SERVICE_NAME is the database service name
  - SIDFormat: HOST:PORT:SID format, where HOST is the host name running the database, PORT is the port number the TNS listener is listening on, and SID is the database SID
  - TNSFormat: A valid TNS alias that resolves using Net8 utilities such as tnsping and SQL*Plus
  - NetServiceNameFormat: A valid net service name that resolves to a connect descriptor. A connect descriptor is a specially formatted description of the destination for a network connection. A connect descriptor contains destination service and network route information.
  If the format argument is not specified, then mod_plsql assumes that the specified string is either in the HOST:PORT:SID format or resolvable by Net8. The differentiation between the two is made by the presence of the colon in the specified string.
  It is recommended that newer DADs do not use the SIDFormat syntax. This exists only for backward compatibility reasons. Use the new two-argument format for newly created DADs.
• PlsqlAuthenticationMode: Specifies the authentication mode to be used for allowing access through this DAD. The value can be one of the following:
  - Basic: The default value is Basic. For the Basic mode, if you wish to perform dynamic authentication, the DAD username/password parameters must be omitted.
  - SingleSignOn: For Oracle Application Server Portal, you must set this directive to SingleSignOn.
  - GlobalOwa: The earlier releases of Oracle applications use the GlobalOwa mode.
  - CustomOwa or PerPackageOwa: The Custom Authentication modes (GlobalOwa, CustomOwa, PerPackageOwa) are used by very few PL/SQL applications.
  If the DAD is not using the Basic authentication, then you must include a valid username/password in the DAD configuration.
• For more information, refer to Oracle HTTP Server Administrator’s Guide 10g (9.0.4).

Obtaining Information About mod_plsql

To access the main mod_plsql page:
1. Navigate to the Oracle HTTP Server Home page on the Application Server Control. Click the Administration link to get to the Administration page.
2. Click PL/SQL Properties. The mod_plsql services page is displayed.
You can use this page to monitor the status of mod_plsql. You can also create and edit mod_plsql database access descriptors (DADs), and maintain logging and cache configuration settings from this page. The page is divided into the following regions:
• General: Shows the status of the mod_plsql service and the average requests per hour
• HTTP Response Codes table: Provides information on the number of errors and response codes by category
• Cache: Provides the status of caching used by mod_plsql
• Errors and Response Codes: Links to the HTTP error and SQL error pages

Configuring DADs Using dads.conf

To edit the dads.conf configuration file:
1. Navigate to the Oracle HTTP Server Home page on the Application Server Control. Click the Administration link to get to the Administration page.
2. Click PL/SQL Properties. This opens the mod_plsql services page.
3. Click the required link in the DADs table to bring up the Edit DAD page.
In order for changes to take effect, you may need to restart the HTTP Server.

DAD Creation Wizard

To create a DAD using the mod_plsql page:
1. Navigate to the Oracle HTTP Server Home page on Application Server Control. Click the Administration link to access the Administration page.
2. Click PL/SQL Properties. The mod_plsql services page is displayed.
3. Click Create in the DADs table to display the Create DAD page.
4. Select the type of DAD you want, such as Portal, and click Next.
5. Enter values for the following fields:
  - DAD Name: Specifies the name of the database access descriptor
  - Username: Determines the database user you want to bind with this DAD. This user must exist in your database. If you do not provide a username here, the user trying to access the DAD will be prompted for this information.
  - Password: Specifies the password of the given database user
  - Connection String: Determines how to contact your database. The entry should be a TNS alias or in the form hostname:port:service.
  - Connect String Format: Is used to specify what format you have specified in the Connect String field. You can select from the list of values.
6. Click OK to create the DAD.

Invoking a PL/SQL Application
http://host:port/path/pack.proc?p1=1&p2=2

• http: Network protocol
• host: Machine name and domain
• port: HTTP listener port number
• path: Virtual path for DAD location
• pack: Stored package
• proc: Stored procedure
• p1=1&p2=2: Parameters for procedure

Invoking a PL/SQL Application
To invoke a PL/SQL stored procedure in a Web browser, the URL typically must be in the following format:
protocol://host[:port]/path/[package.]proc_name[?query_string]
• protocol can be either http or https. For SSL, use https.
• host is the domain-qualified name of the machine where the Web server is running.
• port is the port at which the application server is listening. If the port is omitted, port 80 is assumed.
• path is the virtual path to handle PL/SQL requests that is mounted in a <Location> container for a specific DAD. This container also includes the connection information.
• package is the database PL/SQL package that contains stored procedures. If the package name is omitted, the procedure is a stand-alone procedure.
• proc_name specifies the name of the PL/SQL stored procedure to run. This must be a procedure and not a function. It can accept only IN arguments.
• ?query_string specifies parameters (if any) for the stored procedure.

Invoking a PL/SQL Application: Example 1
Oracle HTTP Server is configured with plsqlapp as the DAD location, and the browser sends the following URL:
http://myServer:7777/plsqlapp/myproc?p=Hello

Invoking a PL/SQL Application: Example 1
For example, if a Web server is configured to use the virtual path /plsqlapp for a specific DAD and the browser sends the following URL:
http://mysun.oracle.com:7777/plsqlapp/myproc?p=Hello
then the Web server running on mysun.us.oracle.com and listening at port 7777 handles the request. When the Web server receives the request, it passes the request to mod_plsql. The HTTP listener knows to do this because the virtual path /plsqlapp is configured by a location directive in the dads.conf file. That location is configured to invoke mod_plsql by including a SetHandler directive within the location directive. Next, mod_plsql uses the DAD included in that container, and runs the myproc procedure. The plus sign listed at the end of the URL designates a space. In the preceding example on the slide, p=Hello will be passed as an input parameter to the myproc procedure and will be accepted as “Hello.”

Invoking a PL/SQL Application: Example 2
Specify a URL without providing a schema, package, or stored procedure name.
http://myServer:7777/pls/plsqlapp

The location container that enables this behavior:
<Location /pls/plsqlapp>
  SetHandler pls_handler
  ...
  PlsqlDefaultPage scott.home
</Location>

Invoking a PL/SQL Application: Example 2
A URL can be successfully retrieved without specifying a schema, package, or a stored procedure name when the location container associated with the virtual path /plsqlapp contains the PlsqlDefaultPage directive. This specifies the default procedure to call if none is specified in the URL. In the example in the slide, a program unit called home, which is stored in the database schema scott, will be called because it is the default. OracleAS Portal uses the PlsqlDefaultPage as shown in this example.

Preventing the Execution of PL/SQL Procedures
To exclude access to URLs containing specific packages, add the following in the dads.conf file:
PlsqlExclusionList sys.*
PlsqlExclusionList dbms_*
PlsqlExclusionList utl_*
PlsqlExclusionList owa_*
PlsqlExclusionList owa.*
PlsqlExclusionList htp.*
PlsqlExclusionList htf.*
PlsqlExclusionList oracle.private.*

Preventing the Execution of PL/SQL Procedures
Some procedures in the dbms_* packages allow access to sensitive information, so it is generally not a good idea to allow access to them from a browser. Because procedures in the dbms_* packages, the utl_* packages, and all packages under the SYS schema pose a security risk when they are executed through the Web browser, the default setting effectively prevents the execution of the PL/SQL procedures granted to public in the database. Such packages are intended only for the PL/SQL application developer.
The PlsqlExclusionList directive specifies a pattern in dads.conf for excluding certain procedures, packages, or schema names from being directly executed from a browser. This is a multiline directive in which each pattern occupies one line. The pattern is not case sensitive, and can accept simple wildcards such as *, ? and [a-z]. The default patterns excluded from direct URL access are sys.*, dbms_*, utl_*, owa_*, owa.*, htp.*, and htf.*. Setting this directive to NONE will disable all protection. This is not recommended for a production Web site; however, it is occasionally used for debugging purposes.
The example in the slide excludes access to the default patterns and also to URLs containing oracle.private.*. This will not allow access to anything within the private package owned by the oracle schema.

Preventing the Execution of PL/SQL Procedures (continued)
The setting PlsqlExclusionList oracle.private.* will only exclude access to URLs containing oracle.private.*. The system defaults will no longer be protected. (This is normally done for backward compatibility only.) As stated, the default setting prevents access to the packages listed above without specifying PlsqlExclusionList explicitly. So, if you want to exclude access to more packages, procedures, or schemas than oracle.private.*, you must include a PlsqlExclusionList directive for each package, procedure, or schema you want to exclude.
In addition to URL patterns specified with this directive, mod_plsql also excludes any URLs containing special characters such as tabs, new lines, carriage returns, single quotation marks, or the backslash. This cannot be changed.
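The override behaviour described above is easy to miss in review, so here is an added audit sketch (not Oracle's code) that reads a dads.conf, works out the effective exclusion list for each DAD, and reports which default patterns an explicit list has dropped. The sample configuration and procedure names are constructed, and matching each pattern against the whole requested procedure name with Python's fnmatch is an assumption about how mod_plsql applies its wildcards.

```python
import fnmatch

# Default patterns and always-rejected characters, as listed on this page.
DEFAULT_EXCLUSIONS = ("sys.*", "dbms_*", "utl_*", "owa_*", "owa.*", "htp.*", "htf.*")
FORBIDDEN_CHARS = frozenset("\t\n\r'\\")

# Constructed dads.conf content for the demonstration.
SAMPLE_DADS_CONF = """
<Location /pls/plsqlapp>
  SetHandler pls_handler
  PlsqlDefaultPage scott.home
</Location>
<Location /pls/legacy>
  SetHandler pls_handler
  PlsqlExclusionList oracle.private.*
</Location>
<Location /pls/hardened>
  SetHandler pls_handler
  PlsqlExclusionList sys.*
  PlsqlExclusionList dbms_*
  PlsqlExclusionList utl_*
  PlsqlExclusionList owa_*
  PlsqlExclusionList owa.*
  PlsqlExclusionList htp.*
  PlsqlExclusionList htf.*
  PlsqlExclusionList oracle.private.*
</Location>
<Location /pls/debug>
  SetHandler pls_handler
  PlsqlExclusionList NONE
</Location>
"""


def parse_dads(conf_text):
    """Map each <Location> path to its explicit patterns, or None if unset."""
    dads, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        lower = line.lower()
        if lower.startswith("<location"):
            current = line[len("<location"):].rstrip(">").strip()
            dads[current] = None
        elif lower.startswith("</location"):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "plsqlexclusionlist":
                if dads[current] is None:
                    dads[current] = []
                # Patterns are not case sensitive, so normalise to lower case.
                dads[current].append(parts[1].strip().lower())
    return dads


def effective_exclusions(explicit):
    """Defaults apply only when the DAD sets no PlsqlExclusionList at all."""
    if explicit is None:
        return list(DEFAULT_EXCLUSIONS)
    if "none" in explicit:
        return []
    return list(explicit)


def is_blocked(proc_name, patterns):
    """True if the name has a forbidden character or matches a pattern."""
    if FORBIDDEN_CHARS & set(proc_name):
        return True
    name = proc_name.lower()
    return any(fnmatch.fnmatchcase(name, pattern) for pattern in patterns)


def audit(conf_text):
    """Return {path: (status, default patterns no longer enforced)}."""
    findings = {}
    for path, explicit in parse_dads(conf_text).items():
        patterns = effective_exclusions(explicit)
        if explicit is None:
            status = "defaults"
        elif not patterns:
            status = "disabled"
        else:
            status = "explicit"
        missing = [d for d in DEFAULT_EXCLUSIONS if d not in patterns]
        findings[path] = (status, missing)
    return findings


if __name__ == "__main__":
    for path, (status, missing) in audit(SAMPLE_DADS_CONF).items():
        note = "ok" if not missing else "defaults not enforced: " + ", ".join(missing)
        print("%-15s %-9s %s" % (path, status, note))
```

A DAD reported as "explicit" or "disabled" with a non-empty list of missing defaults is the case to fix by adding the missing PlsqlExclusionList lines back.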


Mod_plsql Caching
• mod_plsql can cache repeatedly used SQL statements and credentials to improve performance.
• Applications such as OracleAS Portal use this feature.
• Two types of caching are used by mod_plsql:
– PL/SQL Cache
– Session Cookie Cache


mod_plsql Caching
mod_plsql has a mechanism to enable caching of repeatedly used SQL statements and credentials to improve performance. This is different from the caching that Web Cache provides. Applications such as OracleAS Portal benefit from this feature. There are two types of caching used by mod_plsql:
• PL/SQL cache: Used to cache dynamically generated content that does not change often. Applications using the OWA_CACHE package, such as OracleAS Portal, use this feature to improve performance and take some load off the database.
• Session cookie cache: Used to cache the cookie value generated by a Single Sign-On server for a particular session. Enabling this feature avoids a round trip to the database to obtain a user's credentials, thereby improving performance. Only applications that use Single Sign-On benefit from this feature.


cache.conf file
This file contains the cache settings for mod_plsql:
# Turn caching on or off
PlsqlCacheEnable On
# Set directory to write the cache files
PlsqlCacheDirectory /ias20/Apache/modplsql/cache
# Set the total size of the cache, this parameter
# takes bytes as the value, for 25 Megabyte:
PlsqlCacheTotalSize 25600000
PlsqlCacheCleanupTime Everyday 2:00
...


cache.conf file
This file specifies the characteristics of the mod_plsql caching system. Directives that are used in the cache.conf file include the following:
• PlsqlCacheEnable: Enables mod_plsql caching.
• PlsqlCacheDirectory: Specifies the directory where cache files are written out. The owner of the httpd child processes must have write permission to this directory. When used with OracleAS Portal, this also points to a directory that is shared by mod_plsql and the OracleAS Portal file system cache. If you are running OracleAS Portal and change PlsqlCacheDirectory, then make sure that the OracleAS Portal configuration is also changed appropriately.
- For PL/SQL cache, all cache files are created under a directory called plsql relative to the specified caching directory.
- For Session Cookie cache, all cache files are created under a directory called session relative to the specified caching directory.
This directory must exist or Oracle HTTP Server will not start.


cache.conf (continued)
• PlsqlCacheTotalSize: Limits the amount of space the cache is allowed to use. Both PL/SQL cache and Session Cookie cache share this cache space. Note that this setting is not a hard limit: the cache might exceed it temporarily during normal processing.
• PlsqlCacheCleanupTime: Specifies the time to start the cleanup of the cache storage. This setting defines the exact day and time at which cleanup should occur. The frequency can be set as daily, weekly, or monthly.
- To define daily frequency, the keyword “Everyday” is used. The cleanup starts every day at the time defined. For example, Everyday 2:00 causes the cleanup to happen every day at 2 a.m. (local time).
- To define weekly frequency, the days of the week such as “Sunday”, “Monday”, “Tuesday”, and so on are used. For example, Wednesday 15:30 causes the cleanup to happen every Wednesday at 3:30 p.m. (local time).
- To define monthly frequency, the keyword “Everymonth” is used. The cleanup starts on the first Saturday of the month at the time defined. For example, Everymonth 23:00 causes the cleanup to happen on the first Saturday of every month at 11:00 p.m. (local time).
• PlsqlCacheMaxSize: Specifies the maximum possible size of a cache file. This setting prevents one file from filling up the entire cache. In general, it is recommended that this be set to about 3 percent of the total cache size.
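The rules above (the directory must exist and be writable, one file should stay near 3 percent of the total, and the cleanup time has three accepted forms) can be checked before Oracle HTTP Server is restarted. The following Python example is added here and is not Oracle's code; the PlsqlCacheMaxSize value in the sample is constructed, the check on access by other users is an added hardening assumption, and the script is assumed to run as the owner of the httpd child processes.

```python
import os
import re

WEEKDAYS = {"sunday", "monday", "tuesday", "wednesday",
            "thursday", "friday", "saturday"}
CLEANUP_RE = re.compile(r"(\w+)\s+(\d{1,2}):(\d{2})")

# The slide's cache.conf plus a constructed PlsqlCacheMaxSize line.
SAMPLE_CACHE_CONF = """\
# Turn caching on or off
PlsqlCacheEnable On
PlsqlCacheDirectory /ias20/Apache/modplsql/cache
PlsqlCacheTotalSize 25600000
PlsqlCacheMaxSize 12800000
PlsqlCacheCleanupTime Everyday 2:00
"""


def parse_cleanup_time(value):
    """Return (frequency, hour, minute), or None if the value is malformed."""
    m = CLEANUP_RE.fullmatch(value.strip())
    if not m:
        return None
    word, hour, minute = m.group(1).lower(), int(m.group(2)), int(m.group(3))
    if hour > 23 or minute > 59:
        return None
    if word == "everyday":
        return ("daily", hour, minute)
    if word == "everymonth":
        return ("monthly, first Saturday", hour, minute)
    if word in WEEKDAYS:
        return ("weekly, " + word, hour, minute)
    return None


def check_cache_conf(text):
    """Return a list of findings for a cache.conf body (empty list = clean)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    if conf.get("plsqlcacheenable", "").lower() == "off":
        return []  # caching disabled, nothing else applies
    findings = []
    cache_dir = conf.get("plsqlcachedirectory", "")
    if not os.path.isdir(cache_dir):
        findings.append("PlsqlCacheDirectory does not exist: "
                        "Oracle HTTP Server will not start")
    else:
        if not os.access(cache_dir, os.W_OK):
            findings.append("PlsqlCacheDirectory is not writable by this user")
        # Added hardening check (assumption, not from the course text): the
        # session cookie cache lives here, so other users should have no access.
        if os.name == "posix" and os.stat(cache_dir).st_mode & 0o007:
            findings.append("PlsqlCacheDirectory is accessible to other users")
    total = conf.get("plsqlcachetotalsize", "")
    largest = conf.get("plsqlcachemaxsize", "")
    if total.isdigit() and largest.isdigit():
        # Integer arithmetic: flag anything above 3 percent of the total.
        if int(largest) * 100 > int(total) * 3:
            findings.append("PlsqlCacheMaxSize is above about 3 percent "
                            "of PlsqlCacheTotalSize")
    cleanup = conf.get("plsqlcachecleanuptime")
    if cleanup is not None and parse_cleanup_time(cleanup) is None:
        findings.append("PlsqlCacheCleanupTime is malformed: " + cleanup)
    return findings


if __name__ == "__main__":
    for finding in check_cache_conf(SAMPLE_CACHE_CONF):
        print("finding:", finding)
```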


Troubleshooting
If you have problems connecting to the database:
• Ensure that the network connection is working
• Ensure that the TNS listener and database are running
• Verify that the configured connection goes through using OracleNet, or some other tool to connect directly to the database
• Check the username and password information in the DAD


Troubleshooting
If you have problems connecting to the database:
• Make sure that you can ping the machine hosting the database from a different machine.
• Ensure that the TNS listener and the database are running; this information can be obtained using Application Server Control.
• Verify, using OracleNet or some other tool, that you can connect to the database using the configured connection.
• Make sure that the username and password information provided for the DAD are correct. Try to establish a database session directly using these credentials, for example: myserver.us.oracle.com:1521:ORCL or use the tnsping utility to verify your connection information.


PL/SQL Server Pages
Example: show_emp_simple.psp
<%@ page language="PL/SQL" %>
<%@ plsql procedure="show_emp_simple"%>
<HTML>
<HEAD><TITLE>Show Contents of HR.EMPLOYEES (Complete Dump)</TITLE></HEAD>
<BODY>
<%
declare
  dummy boolean;
begin
  dummy:=owa_util.tableprint('employees','border=1');
end;
%>
</BODY>
</HTML>

PL/SQL Server Pages
Web administrators are typically not involved in creating or uploading PL/SQL Server Pages (PSPs), but they should understand the process for troubleshooting purposes. To create and upload PSPs, perform the following steps:
1. Create a PSP file with the extension .psp. It can contain whatever content you like, with text and tags interspersed with PSP directives, declarations, and scriptlets.
- In the simplest case, this file is nothing more than an HTML file. Compiling it as a PSP produces a stored procedure that outputs the same HTML file as using the PL/SQL Web Toolkit.
- In the most complex case, it is a PL/SQL procedure that generates all the content of the Web page, including the tags for title, body, and headings.
- In the typical case, it is a mix of HTML (providing the static parts of the page) and PL/SQL (filling in the dynamic content).
2. Load the PSP into the database as a stored procedure:
$ loadpsp -replace -user hr/hr@t9 show_emp_simple.psp
where hr is the database user who will become the owner of the generated PL/SQL stored procedure called show_emp_simple, and t9 is a TNS alias.
3. Access the page with a URL. For example: http://mysun.us.oracle.com:7777/pls/hrdad/show_emp_simple

Introducing the mod_cgi Module
• The Common Gateway Interface (CGI) is a mechanism to provide dynamic content for a Web page.
• CGI is not a programming language but a protocol for scripts.
• When using mod_cgi, CGI scripts are loaded and executed whenever a request for them is received.
• CGI scripts are handled either by mod_cgi or mod_fastcgi and can be enabled by either ScriptAlias or ExecCGI.
• There are CGI security issues.


Introducing the mod_cgi Module
The Common Gateway Interface (CGI) defines a way for a Web server to interact with external content-generating programs that are often referred to as CGI programs or CGI scripts. It is the simplest and most common way to put dynamic content on your Web site. CGI is a protocol that scripts use to gather information from a user request and respond to it. Oracle HTTP Server defines a standard set of environment variables to provide CGI scripts with the information that they need. The most important are:
• REQUEST_METHOD: How the script was called (by using GET or POST)
• PATH_INFO: The relative path of the requested resource
• PATH_TRANSLATED: The absolute path of the requested resource
• QUERY_STRING: Additional supplied parameters, if any
• SCRIPT_NAME: The actual name of the script
For more information about configuring your Web server to execute CGI scripts, refer to the tutorial at http://httpd.apache.org/docs/howto/cgi.html.
In order to get your CGI programs to work properly, you must have OHS configured to permit CGI execution. How to configure OHS for CGI execution is discussed on the following pages.

Enabling CGI Scripts and Improving Security
Using ScriptAlias is the easiest way to enable the execution of CGI scripts in httpd.conf:
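# Alias and target both end in a slash, so /cgi-bin/x maps to cgi-bin/x
ScriptAlias /cgi-bin/ /ias20/Apache/Apache/cgi-bin/
# Prevent the use of .htaccess in this directory
# (the Directory path must match the ScriptAlias target for this to apply)
<Directory "/ias20/Apache/Apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>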


Enabling CGI Scripts and Improving Security
Setting AllowOverride to None prevents the use of .htaccess files in this container.
With CGI scripts, it is usually obvious to the client that a CGI script is being used to generate the output, which gives unscrupulous users a chance to play with the data in the URL. By hiding the script, you can avoid this problem. ScriptAlias has a useful side effect that you can use: when the requested URL is longer than the alias that it matches, it is split in two parts, and the latter part is presented to the CGI script in the PATH_INFO environment variable. This effectively allows you to pass one parameter to a CGI script invisibly. For example, you can define a ScriptAlias as follows:
ScriptAlias /dir "/ias/Apache/Apache/almost-secret-cgi/"
Suppose you place a CGI script called printenv in almost-secret-cgi, and the URL http://myserver.com/dir/printenv/document.html is accessed. The PATH_INFO environment variable used by the script will be /document.html. Calling the CGI script with the remainder of the URL in this way gives the client the impression that he has requested and received an ordinary HTML document rather than the output of a CGI script.


Working with CGI
• The execution of CGI scripts can also be enabled by using the ExecCGI directive:
# Directory paths are absolute, so the path starts with a slash
<Directory "/ias20/Apache/Apache/cgi-bin">
AllowOverride None
Options ExecCGI
SetHandler cgi-script
Order allow,deny
Allow from all
</Directory>

• Use the ScriptLog, ScriptLogLength, and ScriptLogBuffer directives to obtain useful information.

Working with CGI
Instead of using the ScriptAlias directive, you can use the AddHandler or SetHandler directive with ExecCGI. To specify a directory for executing CGI scripts, use ExecCGI and AddHandler or SetHandler inside a directory container. With AddHandler or SetHandler, you can enable a handler type of cgi-script. In this case, you store your CGI scripts in your document root. If you do not use ScriptAlias, then Options ExecCGI must be on. Specifying ExecCGI as an option enables files to be interpreted as CGI scripts, and SetHandler then marks the whole directory as a CGI script location.
mod_cgi provides three directives for generating a CGI-specific log that captures both CGI output and errors:
• ScriptLog specifies the log file. ScriptLog cannot be redefined in container directives such as <Directory>, <Location>, and <VirtualHost>.
• ScriptLogLength specifies the maximum length of the log. Because CGI scripts can be very verbose, the log can grow out of control. If ScriptLogLength is exceeded, logging stops.
• ScriptLogBuffer specifies the maximum size in bytes for recording a POST request. For example, ScriptLogBuffer 1024 allows only the first kilobyte of the body to be logged.

The mod_fastcgi Module

• FastCGI is a language-independent, scalable, open extension to CGI that provides high performance by pooling processes to handle a request rather than spawning a new one each time a request is made.
• FastCGI consists of two components:
– An Apache module, mod_fastcgi, to route requests to FastCGI servers.
– A development kit that allows programmers to write FastCGI servers in C, C++, and PERL.


Introducing the mod_fastcgi Module
FastCGI is an alternative to CGI that provides higher request processing performance by maintaining a pool of running servers to process requests, rather than spawning a new server for each request. Performance is improved by avoiding process creation overhead and also because the FastCGI servers can cache data between requests. For more information, see the Web site at http://www.fastcgi.com.
mod_fastcgi and the FastCGI development kit are installed by default during Oracle HTTP Server installation. The FastCGI development kit is installed under a new Apache directory: $ORACLE_HOME/Apache/fastcgi. The PERL component of FastCGI is installed under $ORACLE_HOME/Apache/perl. There is also a directory called fcgibin, similar to the standard $ORACLE_HOME/Apache/Apache/cgi-bin directory.


Benefits of FastCGI
This third-party module enhances the capabilities of CGI, providing:
• Persistent processes for CGI applications
• Easy migration of existing CGI scripts
• Language independence supporting libraries for C, C++, Java, PERL, and others
• Process isolation
• Portability, because FastCGI is nonproprietary
• Support for distributed computing


Benefits of FastCGI
This third-party module supports the FastCGI protocol, which enables you to maintain a pool of running servers for CGI applications. The FastCGI interface enhances the capabilities of CGI, providing the following benefits:
• FastCGI processes are reused to handle multiple requests. This solves the CGI performance problem of creating new processes for each request.
• The FastCGI application library simplifies the migration of existing CGI applications.
• Like CGI applications, FastCGI applications can be written in many languages, such as C, C++, Java, PERL, and others, not just languages supported by the vendor API. Because the FastCGI API is independent of the server it runs under, FastCGI scripts can be ported to any platform and server that supports the FastCGI protocol. For more information, see the Web site at http://www.fastcgi.com/.
• A FastCGI application that fails cannot crash or corrupt the core server or other applications. FastCGI applications are, therefore, more secure.
• FastCGI is nonproprietary, and is supported either directly or through commercial extensions by most popular Web servers.
• FastCGI provides the ability to run applications remotely, which is useful for distributing load and managing external Web sites.

Enabling the FastCGI Server
FastCGI scripts are handled by mod_fastcgi and can be enabled by ScriptAlias.
# Alias and target both end in a slash, so /fcgi-bin/x maps to fcgi-bin/x
ScriptAlias /fcgi-bin/ /ias20/Apache/Apache/fcgi-bin/
# Prevent the use of .htaccess in this directory
<Directory "/ias20/Apache/Apache/fcgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
SetHandler fastcgi-script
</Directory>


Enabling the FastCGI Server
In order for FastCGI programs to work properly, Apache must be configured to permit FastCGI execution. This is the case by default. Using ScriptAlias is the easiest way to allow FastCGI scripts in one system-wide directory. The standard configuration file httpd.conf comes with a ScriptAlias directive to specify a directory where FastCGI scripts can be kept:
ScriptAlias /fcgi-bin/ "/ias20/Apache/Apache/fcgi-bin/"
You must point to a safe location when using the ScriptAlias directive, and use appropriate access control.


Overview of the mod_perl Module
• mod_perl is a built-in component of Oracle HTTP Server.
• mod_perl integrates a complete PERL interpreter (version 5.004).
• With mod_perl, you can run PERL CGI without loading a PERL interpreter every time.
• mod_perl works by providing a handler, perl_script.
• Access control or authentication can be done by a mod_perl handler.


Overview of the mod_perl Module
The integration of a complete PERL interpreter allows Oracle HTTP Server to run PERL CGI scripts without loading a fresh interpreter each time. mod_perl works by providing a handler, perl_script, that can be associated with directories and file extensions by using SetHandler and AddHandler. This is how any mod_perl handler can be assigned to the PerlHandler directive. In addition, any stage of Oracle HTTP Server processing, such as access control or authentication, can be handed over to a mod_perl handler.
The disadvantage of mod_perl is that it is a large module, because it contains the complete PERL language interpreter, so it causes Oracle HTTP Server to consume more memory. However, the performance gains possible from using mod_perl to run CGI scripts, or from converting those scripts into more efficient scripts, can be considerable.
The primary mod_perl interface is its Perl*Handler directives. A default configuration can be found in httpd.conf. Each stage of the Oracle HTTP Server processing can be reached with the corresponding handler directive.
Note: For further information about handlers associated with mod_perl, see http://perl.apache.org/guide/.

Controlling Dynamic Content and Security
• Install all CGI and FastCGI scripts in a central directory.
• Be careful with scripts that you did not write yourself.
• Do not install scripts for which no source code is available.
• Never install an interpreter, such as PERL or a shell, directly in a CGI directory.
• Avoid starting a shell from a CGI script.
• If any external program is called, use a fully qualified path name.


Controlling Dynamic Content and Security
When using CGI and Web servers, you must consider the following kinds of security issues:
• A hacker may try to gain access to the system by exploiting vulnerabilities. CGI scripts are a common source of such vulnerabilities, especially if they are not run with minimum privileges.
• A hacker may try to trick the system into divulging information about itself, such as by sending directory listings and password files that can be used to attempt to access the system. This is a more subtle attack, more difficult to detect, and frighteningly easy to achieve.
• A hacker may launch a denial-of-service attack against the server by making requests in rapid succession that cause the server to tie up all of its resources trying to process them. There are four basic kinds of denial-of-service attacks:
- Tying up all available CPU time
- Allocating all available memory
- Filling the disk with data (for example, log information)
- Consuming all available network bandwidth
To get further information about CGI, you can access the following URLs:
http://www.w3.org/Security/Faq/wwwsf4.html
http://downloads.securityfocus.com/library/safecgi.txt
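The checklist items on shells and fully qualified path names, and the PATH_INFO mechanism described under ScriptAlias, meet in any CGI script that passes part of the URL to an external program. The following Python CGI handler is an added example, not part of the course material: it accepts PATH_INFO only through an allow-list, confines it to one directory, and runs the external program by absolute path without a shell, with time and output caps. The directory, the program path, and the allow-list pattern are assumptions chosen for illustration.

```python
import os
import re
import subprocess
import sys

DOC_BASE = "/ias/Apache/Apache/docs"   # hypothetical content directory
WC = "/usr/bin/wc"                     # fully qualified path (sample program)
# Allow-list for PATH_INFO: one path segment with an optional extension.
SAFE_PATH_INFO = re.compile(r"/[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?")
MAX_OUTPUT = 4096                      # cap on bytes returned to the client
TIMEOUT_S = 5                          # cap on the time the child may run


def resolve_path_info(environ, base=DOC_BASE):
    """Map PATH_INFO to a file under base, or return None if it is refused."""
    info = environ.get("PATH_INFO", "")
    # fullmatch: the whole value must fit the pattern, trailing newline included.
    if not SAFE_PATH_INFO.fullmatch(info):
        return None
    root = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(root, info.lstrip("/")))
    # realpath follows symlinks, so a link pointing outside base is refused.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def build_command(environ, base=DOC_BASE):
    """Return the argv list for the external program, or None to refuse."""
    if environ.get("REQUEST_METHOD") != "GET":
        return None
    target = resolve_path_info(environ, base)
    if target is None:
        return None
    # A list of arguments, never a command string: no shell parses the input.
    return [WC, "-l", "--", target]


def handle(environ, base=DOC_BASE):
    """Produce the full CGI response (headers and body) as a string."""
    argv = build_command(environ, base)
    if argv is None:
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nbad request\n"
    try:
        done = subprocess.run(argv, shell=False, capture_output=True,
                              timeout=TIMEOUT_S, env={}, check=True)
    except (OSError, subprocess.SubprocessError):
        # No error detail goes to the client; it belongs in the server log.
        return ("Status: 500 Internal Server Error\r\n"
                "Content-Type: text/plain\r\n\r\nerror\n")
    body = done.stdout[:MAX_OUTPUT].decode("utf-8", "replace")
    return "Content-Type: text/plain\r\n\r\n" + body


if __name__ == "__main__":
    sys.stdout.write(handle(os.environ))
```

Hiding the script name behind a ScriptAlias does not replace these checks, because the client still controls PATH_INFO.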

Database Providers and PL/SQL Portlets
• Database providers are PL/SQL packages that communicate with OracleAS Portal.
• PL/SQL portlets are program units that implement business logic and produce HTML output.
• Database providers and PL/SQL portlets use APIs from Portal Developer Kit (PDK) and Web PL/SQL Toolkit.
[Figure: OracleAS Portal, the portlet repository, the database provider, PL/SQL Portlet1, and PL/SQL Portlet2]


Database Providers and PL/SQL Portlets
In OracleAS Portal architecture, the portal never communicates with a portlet directly. Instead, it talks to the provider. The database provider is a PL/SQL package that implements communication methods that are required by OracleAS Portal. These methods are used to retrieve information about or to display the provider’s portlets.
A PL/SQL portlet is a collection of program units organized in a PL/SQL package that implements business logic and produces required HTML output to be displayed on a portal page.
OracleAS Portal uses the portlet repository to store information about the available providers and their portlets. Portlet developers use APIs specified in the Portal Developer Kit (PDK) and the PL/SQL Web Toolkit to code database providers and PL/SQL portlets.


Installing the Database Provider and Its PL/SQL Portlets
1. Create a schema to store PL/SQL packages.
SQL> CREATE USER ORADBxx IDENTIFIED BY pwd;
SQL> GRANT CONNECT, RESOURCE TO ORADBxx;

2. Create synonyms to OracleAS Portal PL/SQL APIs.
SQL> CONNECT PORTAL/PORTAL_PWD
SQL> @PROVSYNS.SQL ORADBxx

3. Install the PL/SQL packages in the schema.
SQL> CONNECT ORADBxx/pwd
SQL> @MY_PROVIDER.SQL


Installing the Database Provider and Its PL/SQL Portlets
To install the database provider and its portlets, perform the following tasks:
1. Create a provider schema to store PL/SQL packages of the database provider and its PL/SQL portlets. It is recommended that the schema is different from the schema where OracleAS Portal is installed.
2. Create synonyms to OracleAS Portal PL/SQL APIs stored in the portal schema. Log in to the portal schema and grant execute privilege to call the PL/SQL APIs to the provider schema. This can be done by running the provsyns.sql script that is located in the $ORACLE_HOME/portal/admin/plsql/wwc directory, where $ORACLE_HOME is the root directory in which OracleAS Portal is installed.
Note: You grant execute privileges on OracleAS Portal PL/SQL APIs only once per provider schema.
3. Install the PL/SQL packages of the database provider and its PL/SQL portlets in the provider schema. Log in to the database as the provider schema and run the scripts to create the database provider and its PL/SQL portlets. For example, the MY_PROVIDER.SQL script may contain PL/SQL code that creates packages for the database provider and its PL/SQL portlets.


Registering the Database Provider with OracleAS Portal

Registering the Database Provider with OracleAS Portal
1. Log on to OracleAS Portal as a portal administrator and click the Administer tab on the Portal Builder page.
2. Click the Portlet subtab.
3. Click the Register a Provider link in the Remote Providers portlet.
4. In the first step of the Register Provider Wizard, enter values for the provider properties:
- Name: A unique name of up to 200 characters for the database provider.
- Display name: This name appears in the Add Portlets page with the provider’s portlets listed beneath it.
- Timeout: The number of seconds OracleAS Portal should attempt to connect to this provider before displaying the timeout message.
- Timeout message: The text of the message that you want to display when OracleAS Portal cannot establish contact with the database provider within the number of seconds specified in the Timeout field.
- Implementation style: The type of implementation style chosen for this provider: Database for database providers or Web for Web providers.
5. Click Next to proceed to the next step of the wizard.

Registering the Database Provider Using OracleAS Portal

Registering the Database Provider with OracleAS Portal (continued)
6. The display of the second step of the wizard depends on the provider’s implementation style that is selected in the first step. Enter values for the following properties required for a database provider:
- Owning Schema: Specifies the provider schema
- Package Name: Specifies the name of the PL/SQL package that implements the provider
- Login Frequency: Determines the frequency of calls that OracleAS Portal makes to the provider to perform special processing before any portlet is executed. The value for this field is usually specified in the provider installation documentation. In most cases the value should be set to Never.
7. Click Next to proceed to the next step of the wizard.
8. In the third step of the wizard, you define access to the provider registration information to portal users. This does not affect access to the provider’s portlets.
9. Click Finish to complete the provider registration.


Adding the Portlet to a Portal Page

Adding the Portlet to a Portal Page
As a result of the installation and registration process, the PL/SQL portlet can be added to a portal page. To add the portlet to a page:
1. Edit or customize the page. Select the portlet region in which you want the portlet to appear and click the Add Portlet icon.
2. In the Add Portlets window, select the portlet that you want to display on your page. Click the portlet title link to add it to the region and then click OK.
3. The portlet is displayed on your page.


Summary
In this lesson, you should have learned how to:
• Access the configuration files
• Configure mod_plsql for PL/SQL applications
• Create a database access descriptor (DAD)
• Specify authentication for PL/SQL applications
• Enable the execution of CGI and FastCGI scripts by configuring mod_cgi and mod_fastcgi
• Configure mod_perl for the use of PERL
• Manage database providers and PL/SQL portlets



				